Posted on February 13, 2021 at 9:21 PM
Brazilian data protection authority has stated investigating a data leak incident that affected 102 million private telephone records.
The incident, considered as one of the largest data leak incidents in Brazil, involves all types of personal records. The hacked data include the names of the consumers, their call history, taxpayer data, and other important data.
In another report, it was revealed that some of the stolen information contains certain details about Brazilian President Jair Bolsonaro.
102 million records from two firms affected
The alleged hacker revealed that about 45 million records were stolen from Claro Telecommunications Company. The hacker also revealed that Vivo, one of the largest telephone operators in Brazil, was also affected. The threat actors said they hacked into the company’s servers and accessed 57.2 million records of user registration. Cybersecurity firm PSafe has previously documented the activities of the threat actor.
While no information about the hacker’s motive has been confirmed, the obvious assumption is to expect the hackers to trade their loot in a darknet forum.
From the earlier investigation into the hacking incident, the breach may not have come from file extraction from the affected telephone companies, who have denied any incidence of the breach on their servers.
Both the Brazilian data authorities are not relenting in their efforts to get to the bottom of the incident. They are constantly in touch with the two companies involved to find out how the data was breached.
Appropriate measures are taken on the situation
The data protection authority was established recently to set policies and programs for cybersecurity in the country. The policies are expected to be followed by all private organizations in Brazil.
The authority is playing a major role to probe the incident. It is also charged with the responsibility of devising a mitigation method to minimize or prevent more damage to the system. The news is coming less than a week after another security breach report, which would have exposed millions of Brazil citizens, including the records of deceased persons.
The previous incident affected about 223 million records and included the names, tax returns, monthly income, and addresses of the affected consumer. It also involved senior public officers, and the agency has warned that the incident should be taken seriously.
According to the agency, the information stolen by cybercriminals can be used to deploy very complex and potent malicious campaigns.
The rate of cybercrime and hacking activities has increased over time. About 90% of phone users in Asia-Pacific already own one or more Internet of Things (IoT) devices. Some are planning to have more to take care of their other needs. However, 70% of them fear that they are being spied upon without their approval, while 81% are afraid their data has been exposed.
The data protection authority has revealed that appropriate measures are taken to resolve the case. The agency has already contacted the Federal Police to assist with the investigation. Apart from working with the police and the two affected companies, the agency is also working with the cybersecurity firm that reported the incident.
An unacceptable data breach routine in Brazil
After news of the previous hacking incident broke, Brazilian Institute for Consumer Protection (IDEC) sent notifications to several government agencies informing them about a massive data breach.
The breach, considered the largest data leak in Brazil, was discovered by cybersecurity firm PSafe.
IDEC noted that it has become an “unacceptable routine” for cybercriminals to carry out data breaches in the country. The consumer rights organization advised that organizations can avoid this problem by giving consumers the option of opting out of giving their data to organizations.