What can criminals do with your data, and how can you defend yourself?




SÃO PAULO – Brazil already has a General Data Protection Law (LGPD). The legislation regulates how companies must treat, store and protect the personal data of Brazilians, and provides fines and penalties for companies that do not follow the new rules. However, the first year of the law has been marked by information protection failures.

Two massive data leaks have already happened in the country in 2021. In January, data on more than 223 million Brazilians, living or deceased, were exposed. Experts considered this leak the largest in Brazilian history. Now, a new leak has exposed more than 100 million private mobile phone numbers.

Experts point to a huge weakness in the country’s digital security system. InfoMoney explains below the greatest risks for users whose information was leaked on the Internet, what to do to reduce losses, and which authorities should be contacted.

Understand the leaks

The two leaks were discovered by the Brazilian digital security company PSafe, which asserts that a large part of this data is for sale on the Internet. The source of the information in the first leak, which is being investigated by the Federal Police, has not yet been discovered.

Regarding the second leak, PSafe claims to have contacted the hacker responsible and requested a sample of the database to verify the veracity of the information. PSafe reported that the data was true and that the hacker reportedly indicated that the information was extracted from the databases of the telephone operators Vivo and Claro.

However, PSafe is still unsure of the source of the data. Both Claro and Vivo say that they have not identified any type of intrusion into, or leak from, their databases.

“Our team is still unclear on how the data was obtained. What we can say is that business data leaks are becoming more frequent and home-office employees have been the main target of cybercriminals. It’s an unfair fight for businesses – one unprotected device and one successful threat are enough to cause a leak. Data protection must be active 24 hours a day,” explained Marco DeMello, CEO of PSafe.

“Vivo reiterates the transparency in its relationship with its clients and points out that there were no incidents of data leaks. The company indicates that it has the strictest controls in accessing its consumers’ data and in combating practices that may threaten their privacy,” Vivo reported in a note sent to InfoMoney.

Claro explained that it will open an investigation to determine what happened in its database. However, it made clear that it has yet to identify any leaks. “Regarding the aforementioned case, Claro reports that it did not identify a data leak. And, according to the report, the company that located the base found no evidence to support the criminals’ accusation. Furthermore, as a governance practice, the operator will also conduct an investigation. Claro invests heavily in security policies and procedures and maintains constant monitoring, adopting measures, in accordance with best practices, to identify fraud and protect its customers,” the operator also explained in a statement to InfoMoney.

What can criminals do?

In the first leak, personal information such as telephone number, academic background, salary, physical and electronic addresses, photos, surnames, income tax data, social class, documents (RG, CPF, CNH, voter registration card), bank credit score and even consumption profile were exposed on the Internet. The leak also included information on more than 40 million companies in the country, such as CNPJ, company name and date of foundation, as well as detailed data on 104 million vehicles.

The second leak again included cell phone numbers, but also phone bill values, minutes spent per day, social security numbers, and dates of birth.

How can digital criminals act? The hacker, or anyone who has paid to purchase this information, can commit various types of fraud in the name of the person whose data was exposed.

One scam that is popular in Brazil is WhatsApp cloning. The tactic is an adaptation of the application’s account theft, which appeared in mid-2019. While account theft generates an alert for the victim, in a cloning scam the user is unaware that their name is involved.

For this scam to work, hackers access photos on social media to create fake WhatsApp profiles. Public texts are also used to try to imitate the victim’s way of communicating. Another important step for the offender posing as the victim is to know the victim’s relationship to the other person being targeted. Since the pictures, phone number and affiliation were exposed on the internet, the scam is even easier to perform.

Financial scams also tend to occur more frequently. Criminals may attempt to impersonate financial institutions and contact the user offering a bonus or exclusive benefit, in order to collect passwords or gain further access to the victim’s bank account.

Another risk pointed out by specialists concerns passwords. Because so much information was leaked, criminals may be able to find your passwords through trial and error: a password could be your date of birth, your home address, the name of a relative, or one of your document numbers. This mechanism is called a brute-force attack.

“People don’t know how personal preferences, registry data or routine situations can be used against them,” explains Fabio Assolini, a senior security analyst at Kaspersky, a developer of antivirus and security software in Brazil.

The losses can be huge, even beyond the digital world. Experts note that criminals can open bank accounts, issue credit cards and even take out financing or loans in someone else’s name.

Another risk in the real world pointed out by specialists is the scam involving vehicles. Since information on more than 104 million vehicles has been leaked, criminals can clone chassis and license plates.

For companies, the financial risk is higher. Criminals can try to break into a company’s internal network in a number of ways, since they know the email addresses of all employees and their details.

Once inside the internal network, hackers can carry out an attack known as data hijacking. It is the “hijacking” of company data. The company is held hostage by criminals, who usually demand a ransom payment to return this data.

One in three data hijacking attacks happens in the business sector, and Brazilian companies seem to be particularly in the crosshairs. A Kaspersky study revealed that, in a sample of 30,000 attempts to hijack commercial data in the world between January and May of this year, Brazil was the country with the most cases.

How do I know if my data has been leaked?

A website called FuiVazado appeared to inform users what data of theirs was exposed. But a decision by Alexandre de Moraes, minister of the Federal Supreme Court (STF), determined that the site should be taken down. According to a report by Twitter, the Federal Police are looking for the official developer of the site to clarify the email address and the data he had. The developer, a 19-year-old man, has yet to be located by either the PF or the report.

With the end of FuiVazado and other similar sites, there is no longer any way to know exactly what data has been leaked. But there is an alternative way to find out if you are the victim of fraud using your information. The Central Bank’s “Registered” site allows you to monitor which checking accounts and how many loans are linked to your CPF. It is possible to register through the institution’s application on your cell phone or computer.

Although it is not a way to protect yourself from a possible scam, the site lets consumers act more quickly if they notice any strange activity related to their CPF. If a person discovers that third parties have opened accounts or loans in their name, for example, they can quickly contact the financial institution or the Central Bank.

How to defend against virtual attacks?

George Bonfim, a lawyer specialized in Digital Law and Data Protection at Natal & Manssur, explains some ways to protect yourself from a virtual attack or to mitigate the effects of having your information exposed.

Bonfim explains that it is important for users to avoid leaving credit cards registered with shopping sites. If possible, you should also use a virtual credit card, a form of payment offered by many banks that allows you to make a single transaction for each card generated.

“It is important to avoid providing personal information over the phone or instant messengers, like WhatsApp and Telegram, without knowing exactly for what purpose. In the same way, do not fill in this type of data on unknown or linked pages,” Bonfim emphasizes.

It is also recommended that the user avoid keeping the same email address after leaks. More importantly, passwords need to be changed. It’s better to use words that aren’t personal information, or even use a random password generator.
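To make the password advice concrete, the following sketch (an added example, not part of the original report) checks whether a password is built from the kind of personal data the article says was leaked, and generates a random replacement that contains none of it. The function names and the sample person are constructed for illustration.

```python
import re
import secrets
import string
from datetime import date


def personal_tokens(name, birth, address, relatives=()):
    """Lower-case fragments of personal data that a password should not contain."""
    tokens = set()
    for text in (name, address, *relatives):
        # keep words and numbers of 3+ characters (names, street, house number)
        tokens.update(w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) >= 3)
    d, m, y = f"{birth.day:02d}", f"{birth.month:02d}", str(birth.year)
    # common ways of writing a birth date, with separators removed
    tokens.update({d + m + y, d + m + y[2:], y + m + d, m + d + y, d + m, y})
    return tokens


def leaked_fragments(password, tokens):
    """Return the personal tokens that appear inside the password."""
    # drop punctuation so "07/03/85" and "070385" are treated alike
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    return sorted(t for t in tokens if t in squashed)


def safe_password(tokens, length=16):
    """Generate a random password that contains no personal token."""
    alphabet = string.ascii_letters + string.digits + "!@#$%&*-_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not leaked_fragments(candidate, tokens):
            return candidate


# Constructed sample person (not real data)
SAMPLE = personal_tokens("Maria Souza Lima", date(1985, 3, 7),
                         "Rua das Flores 120", ("Joao",))

if __name__ == "__main__":
    for pw in ("Maria@1985", "07/03/85-Lima", safe_password(SAMPLE)):
        print(pw, "->", leaked_fragments(pw, SAMPLE) or "no personal fragments")
```

A password that returns any fragment here is one that trial and error over leaked records would reach quickly; a password manager's generator serves the same purpose as `safe_password`.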

If the consumer falls victim to a digital scam, they should seek out the competent authorities. “You should also file a police report and complaints with the new body [ANPD] and with those already established, such as the Public Ministry, Procon and regulatory agencies. With a higher rate of complaints, it is possible to initiate investigations and even fraud prevention actions,” says the lawyer.

The sanctions and fines provided for in the LGPD can only be applied from August 2021. But there is no impediment for people to already file complaints. “Brazil already has extensive legislation on protection and the right to redress, as is the case with the Consumer Protection Code,” adds Bonfim.
