ZenoX, the threat intelligence company of the Dfense Group, specialized in AI-based solutions, highlights the severity of the recent leak of banking data of about 250 thousand Brazilians, detected on Wednesday (27). The information, exposed in a criminal forum on the dark web, includes sensitive data from customers of at least six institutions in the personal credit sector: Synchronos, Ephesus Capital, CredCenter, GoldenBank, SemprePromotora, MegaPromotora and ProntoPay. The discovery was made by the intelligence team of ZenoX, reinforcing the urgency of robust measures for financial protection in the sector
The data includes personal documents, financial information (credit card numbers), proof of address and selfies.“Data of this nature, when in improper hands, can be used for fraud attempts in various financial institutions, including improper loan and payroll loan requests, account opening, as well as scams prepared using social engineering with real customer data.The authenticity of the leaked data can make these scams particularly convincing”, comments Danrley Souza, Intel Threat Leader at ZenoX.
Gabriel Paiva, CEO of Grupo Dfense also highlights the legal and regulatory implications for affected companies: “In the regulatory and legal scope, companies may face significant sanctions by BACEN and other financial regulators, as well as investigations related to the LGPD. This can result in lawsuits filed by affected customers and substantial costs with mandatory notifications and legal adjustments. The impact on the institutional image of companies can affect not only the relationship with current customers, but also compromise future business opportunities and strategic partnerships in the financial sector,” warns the executive.
Finally, Souza cites some measures to act quickly and minimize the damage if the user is the victim of a data leak. They are:
- Contact your financial institution, alerting the bank of unauthorized transactions and requesting the blocking of compromised cards or accounts;
- Gather evidence, such as emails, messages, or screenshots that may be useful for future investigations;
- Register an Occurrence Bulletin (BO), formalizing the complaint in a police station or through online channels to assist in the investigation of cybercriminals;
- Monitor statements and credit reports, tracking financial transactions to identify suspicious activity and inform the responsible agencies to prevent misuse of stolen data.
