Data breach affects millions of Brazilians; hackers leak Jair Bolsonaro’s confidential information

Brazilian data protection authority initiated an investigation into a massive data breach that would have led to the exposure of more than 102 million private telephone records, so it is already considered one of the most serious cybersecurity incidents ever detected in Brazil and even South America.

The information, picked up from a local news platform, notes that this incident involves all kinds of personal records, including full names, taxpayer data, call history, among other sensitive data. An additional report mentions that some records contain information belonging to Brazilian President Jair Bolsonaro.

In this regard, a threat actor based outside Brazil claims to have accessed around 57.2 million user registrations of Vivo, one of the most important telephone operators in Brazil. The alleged hacker also mentions having 45 million records from the telecommunications company Claro. The activity of this threat actor has been documented by security firm Psafe.

Although there is nothing confirmed, it is believed that this information could be for sale on some hacking forum hosted on dark web.

Early investigations into the incident indicate that the compromised information is unlikely to have been extracted directly from the telephone companies concerned, from where they even denies that such a leak occurred. Data protection authorities continue to investigate the incident, quoting representatives from both companies to add their statements to the files.

Brazil’s National Data Protection Authority is a recently created entity dedicated to developing cybersecurity plans and programs to which all public and private organizations in Brazil will have to adhere. This agency will play a leading role in investigating the incident, and will also have the implementation of a mitigation plan to prevent further damage.

News of the leak came just a couple of days after the report of another security incident that would have affected millions of Brazilian citizens, including leaking records of deceased persons over the past two years. This incident set out details such as full names, addresses, approximate monthly income, tax returns, among other confidential data.

Involving information from senior public officials and even the president of Brazil should not be taken lightly, as a few details about anyone are sufficient for cybercriminal groups to deploy complex malicious campaigns. To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Cyber Security Institute (IICS) website.