The personal information of 92 million Brazilian citizens are being auctioned on underground forums.
The auction is said to be present on numerous restricted-access forums on the dark web, to which anyone can access by paying a fee or being invited by someone within the community.
According to BleepingComputer, the personal data is being sold through a database that is 16GB large in a SQL format – with a starting price of $15,000 and a set up bid of $1,000.
The seller claimed that the records include the names, taxpayer IDs of individuals, their dates of births, and taxpayer details about legal entities.
A sample of the database had been provided, to which BleepingComputer were able to verify the information of the individuals.
It is unclear as to who the database belongs to, however the seller claims that it contains the unique information of “almost all Brazilian citizens.” As the database includes taxpayer numbers, it can be assumed that the records belong to a government database of 93 million employed Brazilians.
The seller claims to be able to retrieve data available in national identification documents, such as ID cards and driver’s licenses, using input as little as full names, taxpayer IDs, or phone numbers.
The Brazilian General Data Protection Law will go into effect in August 2020, therefore only until then will consumers have rights in regards to their data, and ensuring that companies are protecting their data.
Jonathan Deveaux, head of enterprise data protection with comforte AG said: “An emerging best practice among many technology leaders is to adopt a data-centric security approach, which protects personal data with anonymization technology like tokenization.”
“Not only does tokenization allow organizations to meet compliance requirements and remain secure, but tokenization also allows organizations to securely embrace modern technology like hybrid or multi-cloud computing, which as been scrutinized as having major data security gaps.”
The post #Privacy: Personal data of 92 million Brazilians for sale on underground forums appeared first on PrivSec Report.