A supposed hacker attack on Gravy Analytics, the company responsible for processing location data of millions of users, raises concerns about the security of personal information and the impacts of its exposure.
The leak, which may have compromised 17 TB of data, revealed information such as addresses of public figures, daily routes of individuals, and the identity of users of LGBTQIA+ dating apps in countries where these people face discrimination or are criminalized.
The incident reinforces the responsibility of technology companies that deal with sensitive data. ‘To prevent occurrences like this, companies need to invest in prevention, update policies and protocols, use security tools, and, most importantly, train their employees,’ emphasizes Patricia Peck, CEO of Peck Advogados.
Keeping employees updated with company data protection policies and rules can be the most efficient tool to prevent leaks. ‘Crisis room training, which allows simulating scenarios and rehearsing measures, can make all the difference in knowing how to handle an incident properly,’ explains the lawyer.
In Brazil, the General Data Protection Law (LGPD) establishes clear rules for the protection of personal data, requiring technical and administrative measures to prevent unauthorized access. Failing to comply with these obligations can lead to financial penalties and harm the reputation of the companies involved.
Although the legislation already imposes obligations on entrepreneurs, the lawyer specialized in Digital Law affirms that ‘the cyber resilience score of Brazilian companies and public institutions is low. The new threats brought by the criminal use of AI with Deep Fake make the situation even more concerning.’
With data becoming increasingly economically relevant, companies need to continuously invest in advanced security solutions, such as encryption, system audits, and strategies to mitigate damages in case of a leak. This protection is not only a legal requirement but a way to preserve the trust of users and the market itself.
“Data leakage cases show that it is necessary to adopt a preventive stance in cybersecurity. Organizations need to combine technology investments with training to protect individuals’ rights and comply with current legislation,” warns the CEO of Peck Advogados.
