A major data leak from the world’s largest medical cooperative, Unimed, has occurred in Brazil: 14 million messages between patients and doctors have been leaked online. The leaked data includes medical conversations, various documents, photos and personal identifiers.

The exposed Kafka server belonged to the Brazilian medical giant Unimed and was completely unprotected. Messages between patients, the chatbot “Sara” and the company’s medical staff were transmitted through it. Unimed serves about 15 million customers, and, judging by the logs, the leak could have affected about 14 million messages.
Kafka is a real-time data exchange platform that is often used in large distributed systems. In this case, the server was mistakenly left open, with no authentication and no access restrictions.
The leaked data included names, phone numbers, email addresses, Unimed card numbers, uploaded photos, documents, and personal medical information. Researchers warn that this data could be used for identity theft, financial fraud, insurance scams, phishing, blackmail, and even to incite hatred through the confidential content of the conversations.
Particularly dangerous is that anyone could not only read the information but also change or delete messages, which opens up opportunities for manipulation and attacks on the healthcare system.
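
As an added illustration (not part of the original report, and not Unimed's configuration): a small Python audit of a Kafka broker's `server.properties` that flags the two gaps described above, listeners that accept unauthenticated clients and the absence of ACL enforcement. Both sample configurations are constructed, and treating an unmapped listener name as the protocol of the same name is a simplification.

```python
# Added example: flag unauthenticated listeners and missing ACLs in a Kafka
# broker config. Both sample configs below are constructed for illustration.
OPEN = "listeners=PLAINTEXT://0.0.0.0:9092\n"
HARDENED = """\
listeners=CLIENTS://0.0.0.0:9093
listener.security.protocol.map=CLIENTS:SASL_SSL
authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer
allow.everyone.if.no.acl.found=false
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means no gap was detected."""
    props, findings = parse_properties(text), []
    # Listener name -> security protocol. Simplification: an unmapped name is
    # treated as the protocol of the same name (Kafka's default mapping).
    proto_map = {}
    for pair in props.get("listener.security.protocol.map", "").split(","):
        name, sep, proto = pair.partition(":")
        if sep:
            proto_map[name.strip().upper()] = proto.strip().upper()
    # Kafka listens on PLAINTEXT://:9092 when "listeners" is not set.
    for listener in props.get("listeners", "PLAINTEXT://:9092").split(","):
        name, _, addr = listener.strip().partition("://")
        proto = proto_map.get(name.upper(), name.upper())
        if proto == "PLAINTEXT":
            findings.append(f"{name} {addr}: no authentication, no encryption")
        elif proto == "SASL_PLAINTEXT":
            findings.append(f"{name} {addr}: credentials sent unencrypted")
        elif proto == "SSL" and props.get("ssl.client.auth", "none") != "required":
            findings.append(f"{name} {addr}: TLS without client authentication")
    if not props.get("authorizer.class.name"):
        findings.append("no authorizer: any client may read, write or delete")
    elif props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append("resources without ACLs are open to every client")
    return findings

if __name__ == "__main__":
    for label, cfg in (("open", OPEN), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```
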
Unimed is the largest medical cooperative in the world and plays a strategic role in the Brazilian healthcare system. The company relies on digital platforms, one of which is Kafka, which was left unprotected. The data leak became known on March 24, 2025, and was reported on March 31; only on April 7 did the company close the instance. Only after the publication of the material did Unimed acknowledge the incident, calling it an “isolated incident” and noting that “there is currently no evidence of a real leak of confidential data.”