[ad_1]
It is not news that we constantly see information related to the leakage of personal data all over the world, and this data can range from superficial information to something more complete, which could even include financial, professional and location data.
In one of the most recent examples of this deeper and more complex case, we had the news this week that a database with more than 223 million CPF and 40 million CNPJ was produced, including a complete dossier in each of the who were the victims of this huge leak, including full name, salary, face photo, and credit bureau score.
Safety
November 25
Economy and market
November 11
The main suspicion of the origin of the data in question fell on Serasa Experian, a company known to Brazilians for its services in the credit protection market and that was recently sued in court to stop selling personal data of Brazilians, based on this the General Data. Protection Law (LGPD).
The possibility that the credit bureau was the source of the leak occurs because it was observed that the information was related to Mosaic (Serasa’s service for prospecting clients and targeting ads with 11 groups and 40 segments).
According to information released by PSafe, the data is for the month of August 2019 and includes name, CPF, photograph, salary, income, education level, marital status, credit score, address, among others, and is sold online. with payment in bitcoin and value that depends on the amount of CPF purchased, totaling 37 databases
OAB, Procon-SP and Senacon question Serasa Experian
The appearance of a leak of this size has put the main consumer protection agencies and the OAB on alert, with different movements that mainly aim to investigate the case in question.
Starting with the Brazilian Bar Association (OAB), we have that the professional entity formally officiated and questioned the National Data Protection Authority (ANPD) demanding immediate actions in the investigation of the leak in question, warning about the risks involved in this leak.
Procon-SP and Senacon, for their part, requested clarification from Serasa Experian, with a period of 3 and 15 days (respectively) for the credit bureau to offer a formal position on what happened.
In addition, Procon-SP confirmed the activation of the São Paulo State Civil Police to investigate the case, something that will remain in the hands of the Cyber Crimes Division.
Serasa Experian investigates
Speaking of the other side of the coin, that is, what Serasa Experian says, we have the formal positioning (for the moment), and it is revealed that an internal investigation is currently being carried out on the databases to verify if these were really extracted from its database, it is also mentioned that “significant discrepancies” have already been identified.
“There has been news in the media that a hacker illegally offers data on Brazilian citizens on the web, some of which, according to him, are related to Serasa. We are committed to protecting the privacy of consumer data that we treat extremely seriously. Our investigation to date has shown significant discrepancies between the allegations made and the data we keep in our files. We started another scan of additional files that were available. “
The site allows you to check if your CPF is on the list
To close, we also have the appearance of the website “I was Vaccinated!”, Which promises to help find out if your data is part of this big leak, showing itself after providing the CPF and the full date of birth whose data may have been violated . with the leak, dividing into the categories Basic, email, phone, address, mosaic, occupation, credit score, general registration, voter registration, education, business, federal income and social class.
However, possibly due to high demand, the site has been slow and intermittent (including displaying the 504 error), requiring multiple attempts to gain access.
It is also possible to consult the filtered CNPJ
For those who want to check the leakage of data related to the CNPJ, we have the BLB20 LeakCheck website, which is maintained by the security company Syhunt and allows you to check if a CNPJ is among the 40 million leaked.
To make the query, the site requires the supply of the CNPJ number and basic information of the company such as the full name of the person in charge, corporate email, telephone number and information if the requestor for the data is the person in charge of the CNPJ or a security manager. .
A curious note in the name of the service is that the acronym BLB is the abbreviation of the phrase Great Escape from Brazil 2020.
