An alleged hacker attack on Gravy Analytics, a company responsible for processing location data from millions of users, raises concerns about the security of personal information and the impacts of its exposure.
The leak, which may have compromised 17 TB of data, revealed information such as addresses of public figures, daily commutes of individuals, and the identities of users of LGBTQIA+ dating apps in countries where these people face discrimination or are criminalized.
The incident reinforces the responsibility of technology companies that operate with sensitive data. “To avoid occurrences like this, companies need to invest in prevention, update policies and protocols, use security tools and, above all, train their employees,” emphasizes Patricia Peck, CEO of Peck Advogados.
Keeping employees updated on company data protection policies and rules can be the most effective tool for preventing leaks. "Crisis room training, which allows for simulating scenarios and rehearsing measures, can make all the difference in knowing how to properly conduct an incident response," explains the lawyer.
In Brazil, the General Data Protection Law (LGPD) establishes clear rules for the protection of personal data, requiring technical and administrative measures to prevent unauthorized access. Failure to comply with these obligations may result in financial penalties and damage to the reputation of the companies involved.
Despite existing legislation outlining obligations for businesses, the lawyer specializing in Digital Law states that "the cyber resilience score of Brazilian companies and public institutions is low. The new threats brought about by the criminal use of AI with Deep Fake make the situation even more worrying."
With data gaining increasing economic relevance, companies need to continuously invest in advanced security solutions, such as encryption, system audits, and strategies to mitigate damage in case of a data breach. This protection is not only a legal requirement but also a way to preserve the trust of users and the market itself.
“Data breach cases show that a proactive approach to cybersecurity is necessary. Organizations need to combine investments in technology with training to protect individuals' rights and comply with current legislation,” warns the CEO of Peck Advogados.
