CIEE One Data Breach Exposes 248,725 Brazilians: What Happened in 2025?
A massive cyberattack with a colossal breach of sensitive data was launched against Brazil on July 1, 2025, when the notorious data leakage executioner called 888 publicised more than 248,725 sensitive hints stolen by CIEE One, a recruiting site accessible to the Centro de Integrao Empresa-Escola to match students and professionals with internship and apprenticeship programs in Brazil. This CIEE One data hack has posed grave implications for the security of clouds, privacy, as well as the safety of thousands of people who use this leading platform to support their careers.
How Did the CIEE One Data Breach Happen in 2025? Latest Update
CIEE Attack Timeline and Discovery
- June 17, 2025: An actor known as 888 shares stolen data at a different Brazilian site, since it raises concerns as possible threat behaviour.
- July 1, 2025: The exposed records of CIEE One appear on the dark web.
- July 2, 2025:Resecurity, one of the most well-known threat intelligence companies, alerts CERT.br and the Brazilian authority in data protection about the exposure.
- July 3–4, 2025: The compromise is confirmed, and it is still uncontained, and users are still in danger of having their data compromised.
CIEE Breach Details
The leading cause of the breach was a Google Cloud Storage bucket that was improperly configured with permission to save read-only access to everyone, as well as to share data with them. Hackers exploited this security setting’s shortcoming to siphon off massive amounts of personal information.
CIEE Main Data Types Exposed
| Data Category | Estimate Exposed | File Types | Details Included |
| Profile Pictures | 281,912 | JPEG/PNG | User images for profiles and verification |
| Vacancy Videos | ~8,000 | MP4/MOV | Job application video submissions |
| CVs | ~40,000 | PDF/JPEG | User resumes with detailed work and study history |
| CSV Files (Candidate) | 285 files | CSV | Bulk user records, names, contacts, CPF, education… |
| Medical Reports | 2,838 | Private medical evaluations tied to hiring | |
| Excel Documents | 264 | XLSX | Tracking sheets, candidate lists, internal reports |
Field “CPF” refers to Cadastro de Pessoas Físicas, Brazil’s taxpayer registry, and is highly sensitive to identity theft risk.
Affected Companies and Sectors by CIEE One Data Breach: Latest Update
| Sector/Partner | Noteworthy Users | Purpose |
| Finance | Bradesco, Caixa | Recruitment, internship hiring |
| Telecom & Tech | Claro, BRF | Graduate talent programs |
| Oil, Gas & Energy | Multiple local entities | Trainee and specialist hiring |
The platform is frequently used by major corporations, the government, and private sector leaders.
Privacy, Security, and Business Risks by CIEE One Data Breach 2025
What Was Leaked and Why It Matters?
| Type of Risk | Details |
| Identity Theft | Access to CPF numbers, addresses, emails, and phone numbers can fuel criminal schemes |
| Document Theft | Leak of CVs, personal documents, and medical reports poses a long-term risk |
| Extortion/Abuse | Medical data, photos, and videos could be used for scams or extortion |
| Regulatory Exposure | Violations of Brazil’s LGPD law risking fines and legal action |
| Reputation Damage | Users may leave CIEE One, losing trust in digital hiring |
- Biometric and medical information can never be altered upon getting stolen, as compared to emails or phone numbers.
- Generic documentation gives opportunities to a fraudster to impersonate, scam, or blackmail a victim.
Why Cloud Misconfiguration is an Ongoing Problem after CIEE One Data Breach?
Cloud bucket exposures are among the top attack methods worldwide. Industry statistics claim that 41% of breaches on cloud are as a result of settings that have left storage to remain open. Automatic tools have become available to scan exposed buckets on a large scale and quickly discover, like the CIEE One bucket.
What Has Been Done and What’s Next?
- Resecurity informed both CIEE and Brazilian authorities, recommended and advised that the bucket should be secured and users warned.
- Victims were advised to keep a vigil on their identity, bank accounts and online traces.
- The firms are also demanding enhanced access controls to the cloud, enhanced audits, and frequent vulnerability scans as a way of minimising the risks in the future.
The LGPD data protection law in Brazil has a data protection rate of up to R$50 million per inflexion, which is an additional incentive of financial importance to fix quickly and protect the data.
Updated Timeline of CIEE One Data Breach 2025
| Date | Event | Source/Action |
| June 17, 2025 | Other breaches by “888” noted | Early warning signs posted on forums |
| July 1, 2025 | CIEE One records published (248,725 users) | Public leak on the dark web |
| July 2, 2025 | Incident reported to CERT.br, ANPD | Resecurity alert issued |
| July 3–4, 2025 | Risk for uncontained breach remains | Ongoing analysis and notifications |
CIEE One Data Breach: Prevention Lessons for Brazil
- Regular audits and stringent access controls prevent most accidental exposure.
- Confidentially storing such information as resumes, medical records, and IDs requires at least zero-tolerance safety.
- All organisations should perform Vulnerability Assessment and Penetration Testing (VAPT) often.
- The businesses need to adhere to the provisions of LGPD and the international best practices to prevent expensive errors and to establish a trust relationship with the users.
For more updates like this, please visit: visababu.com
Frequently Asked Questions (FAQs)
Q1: What is the CIEE One data breach?
A: The CIEE One data breach refers to the exposure of 248,725 user records stolen from CIEE One, a Brazilian recruitment platform, via a misconfigured cloud storage bucket in July 2025.
Q2: What was the information that leaked during the breach?
A: Exposed information includes full names, CPF numbers, contact details, resumes (CVs), job videos, profile photos, and even medical reports.
Q3: What can I do to know whether my information was leaked?
A: In case you used CIEE One during 2023 and before July 2025, contact the platform or Brazilian data protection authority to find out exposure status.
Q4: What are the dangers to the compromised users?
A: Personal information that was exposed can be utilised in scaming, phishing, identity theft, blackmail, or account hijacks.
Q5: What could companies do to avert such breaches?
A: The company can secure cloud settings, carrying out frequent penetration testing, and compliance with the recommendations of the Brazil LGPD to ensure all of their personal information.
Q6 Does CIEE One have the problem fixed?
A: The exposed bucket was reported already on July 2, 2025. Resecurity/CERT.br follow-up continues to confirm that the closure is resolved.
Q7: What makes CPF so delicate in Brazil?
A: CPF is a special tax identification number that is linked to identity validation, which is very valuable information to commit fraud and abuse in case of leakage.
