Data leakage is a serious and current security incident. Its scope challenges internet access management and generates numerous doubts and uncertainties. Regardless of the form or origin, data leakage is right damage to individuals and companies .
For these reasons, we could hardly bring all the information and characteristics of this occurrence in just one article. So Lumiun Blog starts a series of data leakage articles .
What is data leakage?
Data leakage is improper exposure and without prior consent of personal, sensitive, confidential, biometric, behavioral, confidential, registration or navigation data, for example.
Undoubtedly, a serious problem that exponentially increases the risks and the occurrence of scams and virtual fraud .
As a result, the process of leakage of data causes losses of all kinds : financial, patrimonial, moral, strategic, competitive, personal, etc.
But before we discover the dimensions and perspectives involved in this digital crime, it is noteworthy that data leakage is a process that involves at least three steps:
- Access (improper).
- Collection (unauthorized).
- Public dissemination or sale.
That is, before the exposure not authorized by the “owners of the data” , there will be improper access and collection infractions .
That is, the data leakage is not performed overnight or in isolation. According to the definition of “process”, the offense of improper data exposure occurs from a “continuous and ordained sequence” of actions .
A data leak starts through unauthorized access (accidental, intentional or illicit) and goes to public exposure or sale.
Finally, data leakage is one of the best known security incidents. After all, it is a violation of information security, which endangers the rights of the holders or results in inappropriate destruction, loss or treatment .
How does a data leakage happen?
A data leak is a full plate for cybercriminals. Princely, because it favors and facilitates the application of a huge variety of scams and cybers .
One of the common characteristics of this process is the increase in attempts at malicious attacks against individuals and companies after a data leakage.
Typically, data leaks are caused by vulnerabilities and/or information security and internet access failures . Also, in situations such as:
- Data theft
- Cyber attacks
- Malicious codes
- Use of weak passwords
- Employee or former employee action
- Loss or theft of equipment
- Negligence in the disposal of equipment and media
- Data in transfer without protection
- Invasion of personal, business or online data storage
- Improper and/or unlawful collection of navigation data
- Malicious applications and sites, which treat data differently than the informed
- Excessive data collection without the knowledge of users
- Lack of technical culture and policies for the management of internet access and data security
- Outdated software and applications
- Invasion of accounts
- Imperfect and/or recklessness online when it comes to disclosing personal data and filling in and observing the privacy settings
- Insecure connections
Security incidents with personal data
Before we move on, I suggest watching two quick and interesting videos. They will assist about security and data leakage incidents, the LGPD ( National Data Protection Authority - ANPD ) and personal data protection.
Firstly, understand the risk of Personal Data Leakage (6:53), from CNN Brasil Business .
Second, safety incidents, encryption and inspection of ANPD (9:47), produced for Personal Data Protection Week 2022 .
How to prevent data leakage
In principle, to prevent data leakage and minimize the risks of cybers, entrepreneurs, IT professionals and managers must look into their business .
Mostly, employees are the gateway to cyber attacks in companies and data leakage.
Therefore, it is necessary to train employees , establish and maintain a structured data security policy and internet access management .
Certainly, measures as relevant as solutions, technologies and security systems .
Thus, companies and entrepreneurs are less likely to suffer losses with data leakage and other cybercrimes. Of course, there is no magic solution or invulnerable system .
However, it is the first step in minimizing risks . Because the list of situations in which data leakage can occur is great.
What to do in case of data leakage
Attention and prevention! In fact, preventing is always the best medicine.
Knowing in depth the main risks and vulnerabilities is the first action to prepare your company and know how to proceed in case of data leakage.
Lots of information, planning compliance processes and establishing internet access and data security policies are essential steps.
Likewise, in the event of an occurrence, knowing who to turn to, whom to warn and how to notify .
Simply put: prepare the company to avoid damage to data leakage .
However, the subject is extensive and with variables that require efficiency, effectiveness and effectiveness in each process and step .
Higher data leaks of 2021
Brazil jumped from sixth position to the global first place in data leakage . A sad statistic. Below are some events that made this fact real.
From bad to worse
According to a report published on Canaltech , on December 16, 2021 , in the first 11 months of the year, 24.2 million profiles were exhibited “from attacks or breaches in systems”.
Click here and access the full article.
The first in the world
However, on December 18, 2021 , CNN Brasil published an interview with the expert on digital crimes Wanderson Castilho .
In the report, the expert states that, after computed the number of data exposed by the hacker attack to the Ministry of Health system, "more than 227 million Brazil data were exposed .
Thus, Brazil exceeded the United States in more than 14 million data on display , according to the report of Canaltech ( Brazil is the sixth largest country in total data leaks ).
Click here and access the full article.
Monster leakage
Public site leaked 426 million personal data and 109 million CNPJs, as well as signs of Brazilian vehicles. “A full plate for cybercriminals to apply social engineering blows,” says the article.
This monster data leakage was detected by DFNDR Enterprise Artificial Intelligence . After identifying the “ suspicious indexing ”, DFNDR Lab (PSAFE Digital Security Laboratory) referred a report to the National Data Protection Authority (ANPD).
Without identifying the origin or way this data leakage took place, the article warns of the severity of the situation. According to the data exposed, it would be possible to “open fake companies and accounts on social networks” .
Click here and access the full article.
Coincidence?
On October 4, 2021, WhatsApp, Facebook and Instagram went down . This was definitely not a good year for CEO Mark Zuckerberg.
A year marked by scandals. From fake news dissemination, facilitation of drug trafficking and people, to "legal problems for not ensuring security for users."
Coincidence, or not, that same day (October 4, 2021), the news comes that data from 1.5 billion Facebook users would be on sale at a hacker forum on Dark Web .
According to the article on the look digital , in this case, the data leakage did not originate in hacker invasion. This database would have been obtained by scraping: a process that collects information left available by careless users (public profiles) .
Click here and access the full article.
Vulnerability of Pix
In August, there was a leakage of 414,500 pix keys per telephone number of the State Bank of Sergipe (Banese). At the time, registration data was leaked, without the exposure of sensitive data (passwords and bank balances).
Finally, the same article informs a recent data leakage, on January 21, 2022: more than 160,000 pix keys were exposed .
The security incident, which took place between December 3 and 5, 2021 , exposed names , CPFs , institutions , agencies and accounts . According to BC information, the leakage of data did not affect the movement of the 160.1 thousand customers of access payment solutions .
Click here and access the full article.
These are good examples of the risks and damage that data leakage can lead to people and companies.
If you want to read more stories and data leakage cases, click here and visit the look of the Digital Look site dedicated exclusively to this security incident.
You will find a lot of news and stories: such as buying data from millions of Brazilians for $ 200 or about the leakage of data that compromised Panasonic , for example.
LGPD x Personal Data Leakage
The data leakage process can result in crimes and infractions such as:
- Fraud
- Obtaining passwords.
- Credit card cloning.
- Social engineering to persuade, manipulate and/or infect mobile devices, computers, networks and systems to promote cybership to people and companies.
The General Law on Personal Data Protection (LGPD) seeks to protect freedom and privacy. In practice, it requires changes in the way of collecting, storing, treating and using personal data .
As a result, impacts the administrative, legal, communication and marketing areas. But mainly, Internet access and information security technologies .
Therefore, LGPD is a stimulus to the adoption of measures against data leakage and privacy protection .
Its purpose is to try to ensure that personal data is treated lawful, properly and safely .
Both stored data (local or cloud) and data in transit . Because of this, individuals and legal entities have sought and researched solutions with security and privacy, such as VPN and Firewall DNS .
After all, the pandemic required the need for social distancing. Thus, remote work grew exponentially . And even in the postpandy, home office will not be abolished .
On the contrary, the tendency is to increase the number of workers who will continue or work from home. An even consolidated trend beyond 2022 .
When we talk about LGPD and data leakage, attention should be added. After all, the fines are heavy . But above all, because the damage to the reputation of companies can be irreversible .
The main benefits of prevention
Prevention is the keyword against data leakage to avoid financial losses and safeguard the reputation of companies.
In this sense, they need to be prepared. Which, in fact, need not be difficult or complex. After all, there are some simple, useful and affordable solutions available on the market .
Undoubtedly, the management of internet access combined with data security is the way to prevent information security incidents such as data leakage.
In practice, in addition to prevention , the best solutions in the market productivity and profitability indicators . Just search and compare.
Subscribe to our newsletter and receive more news and materials.
