ZenoX, the threat intelligence company of the Dfense Group, specializing in AI-based solutions, highlights the severity of the recent data breach involving approximately 250,000 Brazilians' banking information, detected this Wednesday (27). The information, posted on a criminal forum on the dark web, includes sensitive data from clients of at least six personal credit sector institutions: Sincronos, Éfeso Capital, CredCenter, GoldenBank, SemprePromotora, MegaPromotora, and ProntoPay. The discovery was made by ZenoX's intelligence team, highlighting the urgency of robust data protection measures in the financial sector.
The data includes personal documents, financial information (credit card numbers), proof of address, and selfies. "Data of this nature, when in the wrong hands, can be used for fraud attempts in various financial institutions, including unauthorized loan and payroll credit requests, account openings, as well as elaborate scams using social engineering with real customer data. The authenticity of the leaked data can make these frauds particularly convincing," comments Danrley Souza, Threat Intel Leader at ZenoX.
Gabriel Paiva, CEO of Grupo Dfense, also highlights the legal and regulatory implications for affected companies: “In the regulatory and legal sphere, companies may face significant sanctions from BACEN and other financial regulators, in addition to investigations related to LGPD. This may result in lawsuits filed by affected customers and substantial costs with mandatory notifications and legal adjustments. The impact on the institutional image of companies may affect not only the relationship with current customers, but also compromise future business opportunities and strategic partnerships in the financial sector,” warns the executive.
Finally, Souza cites some measures to act quickly and minimize damages in case the user is a victim of a data leak. They are:
- Contact your financial institution, notifying the bank about unauthorized transactions and requesting the blocking of compromised cards or accounts;
- Gather evidence such as emails, messages, or screenshots that may be useful for future investigations;
- File a Police Report (BO), formalizing the complaint at a police station or through online channels to assist in the investigation of cybercriminals;
- Monitor statements and credit reports, tracking financial transactions to identify suspicious activity and inform the responsible agencies to prevent misuse of stolen data.
