Breach, Threat Management, Data Security

Data on 92M Brazilians found for sale on underground forums

Several members-only dark web forums are reportedly auctioning what appears to be a stolen government database featuring the personal information of 92 million Brazilian citizens.

The 16GB SQL database contains such information as name, birth date, mother's name, gender and tax details including taxpayer IDs, according to BleepingComputer, which credits the discovery to a researcher with the Twitter user name Breach Radar.

BleepingComputer examined a sample from the database and was able to verify that the information was accurate.

Brazil's total population in 2019 is estimated to be over 210 million, meaning the database covers roughly 44 percent of the country's inhabitants.

The seller, who goes by the handle X4Crow, has also been advertising a search tool that can help users look up records on Brazilians, even if they have only a small amount of initial information about a particular person.

Simply by typing in a full name, taxpayer ID or phone number could potentially yield far greater information gleaned from government-issued documentation such as ID cards and driver's licenses, the seller claims. X4Crow also said the service can provide users with data on any company and its corporate structure.

"The data from the 92 million Brazilian citizens being auctioned in the underground forum would fall in the category of requiring protection under the Brazilian General Data Protection [Act], also known as Lei Geral de Proteção de Dados or LGDP," said Jonathan Deveaux, head of enterprise data protection with data security company comforte AG, in emailed comments. "Unfortunately, the law does not go into effect until August 15, 2020, a six-month extension from the previous February 2020 date." LGDP is considered similar in nature to Europe's General Data Protection Regulation, or GDPR.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.