All about the data leak of 223 million Brazilians




On the 19th, a massive leak of a national database exposed confidential information of 223 million Brazilians, according to the dfndr laboratory of the cybersecurity company PSafe.

Considered the largest data breach in the history of Brazil, the case alarmed many people because of the amount of information exposed, which makes scams and fraud easier to carry out.

The leak included CPFs of deceased persons. Source: Federal Government / Disclosure

To clear up some doubts, we have gathered in this text everything we know about the data leak so far.

What data was leaked?

Initially, a leak of 223 million CPFs was reported, including name, gender, date of birth and other information. The company subsequently announced a second improper disclosure, this time much more complete.

In addition to the data mentioned above, the two exposures revealed:

  • Addresses
  • Telephone numbers
  • Vehicle data (license plate, chassis number, etc.)
  • Information on CNPJ (company name and date of foundation)
  • Income tax details
  • Photos
  • INSS benefits
  • Information from public servants
  • Education
  • LinkedIn logs
  • Financial data (credit score, bad checks and income, among others)

Where were they taken from and how?

For now, there is only suspicion about where the data was stolen from. One of the possibilities raised is that the information belonged to Serasa Experian, but the company denied that its system had been breached.

There is also the possibility that the gigantic database was assembled by gathering information from previous leaks, including unauthorized access to the systems of companies and public bodies.

Due to the lack of details about the origin of the data, it is not yet known how the hackers acted.

Who is responsible for the action?

According to the company that identified the leak, the databases were posted by a cybercriminal on an online forum. In addition to the free CPF list, the criminal was selling the more comprehensive information package.

Financial information was also exposed. Source: Freepik

The number of leaked CPFs is greater than the number of inhabitants. Why?

According to IBGE, Brazil currently has an estimated population of 212.6 million. The leaked data, however, indicates the exposure of the documents of 223 million people.

The explanation for this difference is simple: data on deceased persons was included.

What are the risks for the population?

Various types of scams can be carried out with the stolen data. Committing crimes by impersonating someone else, opening a bank account, making an improper withdrawal from the Severance Fund (FGTS) and registering for social programs using false documents are some of the possibilities.

Criminals can also use the data to issue fake bills, for example by posing as banks, finance companies, service providers, and even the government.

What could I have done to protect my information?

In the case of this mega-leak, the affected people could not have done anything to prevent it, since the responsibility to protect the data rests with whoever receives it (companies, government, social networks, etc.).

But you can mitigate the risks by being careful not to provide personal data to untrusted sites.

In incidents like this, there is nothing the Internet user can do to protect themselves. Source: Freepik

Is there a way to know if my data has been leaked?

Yes! Developer Allan Fernando created a website called Fui Vazado where anyone can enter their CPF and date of birth to check whether their information was disclosed on the web through the mega-leak.

How does the LGPD fit in this case?

In force since 2019, the General Data Protection Law (LGPD) was created with the aim of increasing the security of data collected on the internet, requiring that its integrity be guaranteed, including for the most basic information.

The legislation provides for sanctions such as a warning and a fine of 2% of the annual revenue of the company involved in leaks like this one, limited to R$ 50 million. However, the sanctions can only be applied from August of this year.
