An alleged hacker attack on Gravy Analytics, a company responsible for processing location data from millions of users, raises concerns about the security of personal information and the impacts of its exposure.
The leak, which may have compromised 17TB of data, revealed information such as addresses of public figures, daily routes of individuals and the identities of users of LGBTQIA+ dating apps in countries where these people face discrimination or are criminalized.
The incident reinforces the responsibility of technology companies that handle sensitive data. "To prevent occurrences like this, companies need to invest in prevention, update policies and protocols, use security tools, and, most importantly, train their employees," emphasizes Patricia Peck, CEO of Peck Advogados.
Keeping employees updated on the company's data protection policies and rules can be the most effective tool to prevent leaks. "The crisis room training, which allows for simulating scenarios and rehearsing measures, can make all the difference in knowing how to properly conduct an incident response," explains the lawyer.
In Brazil, the General Data Protection Law (LGPD) establishes clear rules for the protection of personal data, requiring technical and administrative measures to prevent unauthorized access. Failing to comply with these obligations can result in financial penalties and damage to the reputation of the involved companies.
Although the legislation already provides for obligations for businesspeople, the lawyer specializing in Digital Law states that “the cyber resilience score of Brazilian companies and public institutions is low. The new threats brought by the criminal use of AI with Deep Fake make the situation even more worrying”.
With data gaining increasing economic relevance, companies need to continuously invest in advanced security solutions such as encryption, system audits, and strategies to mitigate damages in case of a leak. This protection is not only a legal requirement but also a way to preserve the trust of users and the market itself.
“Data leak cases show that it is necessary to adopt a preventive stance in cybersecurity. Organizations need to combine investments in technology with training to protect the rights of individuals and comply with current legislation,” warns the CEO of Peck Advogados.
