Brazil’s National Data Protection Authority (ANPD, in the Portuguese acronym) has informed today (11) that it has started an investigation into the country’s second largest data leak of the year.
The investigation relates to the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, which, according to Brazilian news website Neofeed, included names, taxpayer registration numbers, minutes spent on phone calls and other details, including information relating to president Jair Bolsonaro.
A cybercriminal based outside Brazil who claimed to have obtained 57,2 million customer data sets from Vivo and 45,6 million data sets relating to Claro customers has been selling the data in the dark web, the article said. Cybersecurity and privacy firm Psafe discovered the incident on February 3, but couldn’t find evidence that both mobile operators had actually been the source of the leaks – and both companies deny that any customer data has been leaked.
The data protection authority stated that “it is taking all the appropriate measures” to investigate the case. The ANPD has summoned the Federal Police, as well as “the company that reported the fact and the companies involved”. The idea is that the organizations will help the newly-formed authority, which has released its initial strategy last week, to assist in the investigation and the adoption of actions to contain and mitigate risks related to the personal data of the consumers that have potentially been affected.
The news of the latest leak follow a previous incident earlier this year whereby details of 223 million Brazilians, including deceased citizens, ranging from name, address to current income, personal vehicle information and tax returns were exposed and sold in the dark web.