Researchers uncovered over 250 million personal records exposed through misconfigured servers in Brazil and the UAE, while another breach in Nigeria compromised more than half a million business users. In response to the growth of cybercrimes, Nigerian authorities aim to protect telecom systems as a part of critical infrastructure.

Cybersecurity experts often emphasize that the biggest vulnerability is not a system but rather humans. It is easier to deceive a human than an algorithm or simply wait for a mistake to occur. In the last week, three misconfigured servers were discovered, hosted in Brazil and the UAE. These servers were publicly accessible and lacked any security measures.

According to researchers, the misconfigured servers contained databases with over 250 million records of personal information. These records included data on citizens from various countries, including the United Arab Emirates, Saudi Arabia, South Africa, and others. The countries most affected were Turkey, with 88.4 million records; South Africa, with 44.5 million individuals; and Saudi Arabia, with 26.8 million citizens.

It's worth noting that all three databases likely belong to a single entity. The three exposed datasets have a similar structure and list of records, hinting at a single source of data. The datasets include the following sensitive information:

• National ID numbers
• First and last names
• Addresses
• Emails and other contact information

The leak was contained when the provider restricted access to the databases. However, it's unclear how long the data was exposed before this, as criminals may have copied sensitive records. Malicious actors may use this data for identity theft, phishing attacks, and other fraudulent activities.

Another data leak, which exposed highly sensitive information, happened in Nigeria. Criminals allegedly breached GetBumpa.com, a leading Nigerian business management platform widely used across African businesses. It supports business operations of many companies, as it provides capabilities to build websites, manage orders, record sales, process payments, and assist with financial reports.

A malicious actor claims to access records of more than 526,000 unique users, including:

• Customer ID
• Store IDs
• Full Names
• Contact details (email addresses and phone numbers).

This incident is a part of developing trends when criminals target technical services providers to gain access to downstream clients. For instance, an ongoing Salesforce campaign affected many large enterprises, such as Adidas, Google, Cisco, and many others. In Brazil, criminals targeted C&M, a fintech service provider, to access accounts of its clients and stole more than $100 million.

The number of cyberattacks and their sophistication is on the rise in Nigeria. In 2025, overall losses from cybercrime in the country reached $500 million. To address rising cybersecurity challenges, authorities act in the legislative field. The Nigerian Communications Commission (NCC) recently announced the development of a national cybersecurity framework to protect critical infrastructure. It’s worth noting that in August all telecommunication facilities were designated as a part of critical national information infrastructure by the president’s executive order. The framework should protect millions of Nigerian citizens.

The telecommunications industry is a major contributor to Nigeria's digital economy. It plays a significant role in the development of financial services, government, healthcare, and education. However, the industry is facing an increasing number of cyberattacks, such as distributed denial-of-service (DDoS) attacks, sabotage of control systems, espionage, and ransomware.

These attacks can severely disrupt services that are essential for the population, including telecommunications services. In response to this challenge, the government started the development of a new framework to protect the telecommunications sector.

Alignment with regulatory compliance is crucial for businesses. Ordinarily, such regulations form a wide range of security measures necessary for robust protection. They establish the necessary standards, from physical access and onboarding processes to document disposal and network protection. Protection of confidentiality could be a challenging task, as it involves many aspects, such as data processing and storage, assessment of confidentiality and access rights management, as well as control of printing devices.

To support businesses in meeting these requirements, SearchInform has prepared guidance materials. These resources explain how our solutions align with global regulations such as the GDPR, as well as region-specific frameworks like the SAMA Cybersecurity Framework, Data Cybersecurity Controls, and Saudi Arabia’s Personal Data Protection Law.