Mega leak: what preventive measures should be taken to avoid illicit transactions with your data?

By Rafael Variz


Recently, the personal data of thousands of Brazilians was leaked through criminal actions. In what has been called the “mega leak” because of its scale, sources holding information on more than 223 million Brazilians were hacked and exposed in forums used by digital criminals.

The extracted data included vehicle data, limited CPF data, information on education, INSS benefits and social programs, income and credit score. Data on deceased people was also exposed, which is why the number of records disclosed exceeds the Brazilian population.

A second leak exposed more than 100 million mobile numbers on the dark web. The incident was disclosed by the cybersecurity company PSafe and, according to the information available, mobile operators' records such as the number, call duration and the holder's personal information were leaked.

Unfortunately, not much can be done to reverse a data leak. These cases demonstrate the persistent fragility of the information storage and protection system in Brazil, as well as the difficulty the National Data Protection Authority (ANPD) has in responding and presenting effective solutions to avoid future cases.

However, we have gathered some tips and information that can help you prevent future problems and avoid the risk of being scammed through the use of your personal data.

How to keep your data safe

Once personal information has leaked, a citizen's identity may be stolen and used to open accounts, carry out financial transactions or conduct other fraudulent activities in their name.

The Central Bank has provided a platform that helps you find out whether your CPF is being used for illicit purposes. On the website, you can find information about accounts in financial institutions linked to the document, Pix keys, loans and card debts.

To check the Registrato platform, access:

It is important to verify this data only through official bodies, and to avoid entering information on or clicking unreliable links received via SMS, e-mail or messaging applications.

Looking after your passwords is also necessary. By choosing strong passwords and changing them frequently, the chances of invasion decrease considerably. In addition, we advise you not to save passwords and card data in your Google account or browser.

It is also recommended to browse and make transactions only on reliable websites, and not to make payments through unknown locations or non-official applications.

For companies, it is of utmost importance to comply with the General Data Protection Act (LGPD): protecting stored information through cybersecurity and a strengthened information technology network, and being transparent about how the data is being used.

The LGPD effectively came into force last year, but the fines provided for by the law are not yet being applied. To assist in the implementation of the law and in the protection of data, we offer support through the HLB Smart line of services.

Contact one of our experts and request a proposal or send your questions. HLB Brasil is available to guide you in the best possible way.

Rafael Variz is IT Director at HLB Brasil
