[BreachExchange] Brazilian IT firm Tivit suffers data leak

[Destry Winant]

https://www.zdnet.com/article/brazilian-it-firm-tivit-suffers-data-leak/

Brazil-based IT services and business process outsourcing provider
Tivit has had data from many of its large customers leaked online.

Security research website DefCon-Lab found about 1,000 lines of code
available on Pastebin's web service including data such as access
credentials to Tivit's systems used by clients and other sensitive
information including email exchanges.

The incident involved data from 19 companies including Brazilian bank
Original, insurance company Zurich and software firm SAP. According to
the outsourcing company, all clients that have been impacted were
notified.

A Tivit representative told ZDNet that last week, nine members of
staff have suffered a phishing attack through an email that contained
a malicious link. This allowed cybercriminals to gain access to the
details stored in their computers.

However, the company reiterated that neither its datacenters or client
networks were invaded by outside sources and that the incident was
limited to the computers used by employees that had been targeted by
the phishing attack.

"We have been dealing with this issue as a matter of high priority and
have hired external legal and IT support to ensure that all measures
are in place to prevent that from happening again," the company said.