Brazil-based IT services and business process outsourcing provider Tivit has had data from many of its large customers leaked online.
Security research website DefCon-Lab found about 1,000 lines of code available on Pastebin's web service including data such as access credentials to Tivit's systems used by clients and other sensitive information including email exchanges.
The incident involved data from 19 companies including Brazilian bank Original, insurance company Zurich and software firm SAP. According to the outsourcing company, all clients that have been impacted were notified.
A Tivit representative told ZDNet that last week, nine members of staff have suffered a phishing attack through an email that contained a malicious link. This allowed cybercriminals to gain access to the details stored in their computers.
However, the company reiterated that neither its datacenters or client networks were invaded by outside sources and that the incident was limited to the computers used by employees that had been targeted by the phishing attack.
"We have been dealing with this issue as a matter of high priority and have hired external legal and IT support to ensure that all measures are in place to prevent that from happening again," the company said.