
Data breaches are a sure loss for companies

Data breaches are a serious and current type of security incident. Their scope challenges internet access management and generates numerous doubts and uncertainties. Regardless of the form or origin, data breaches are a sure loss for individuals and companies.

For these reasons, it would be difficult to include all the information and details on this topic in just one article. Therefore, the Lumiun Blog is starting a series of articles about data breaches.

What is a data breach?

A data breach is the unauthorized and unconsented exposure of personal, sensitive, confidential, biometric, or behavioral data, such as registration or browsing data.

Without a doubt, this is a serious problem that exponentially increases the risks and occurrence of online scams and fraud.

As a result, the data breach process causes all kinds of damage: financial, property-related, moral, strategic, competitive, personal, etc.

But before we explore the dimensions and perspectives involved in this digital crime, it's worth highlighting that a data breach is a process that involves at least three stages:

  • Unauthorized access
  • Unauthorized collection
  • Public disclosure or sale

That is, before the exposure that the "data owners" did not authorize, the violations of improper access and improper collection will already have occurred.

In other words, a data breach doesn't happen overnight or in isolation. According to the definition of "process," the crime of improper data disclosure occurs as a "continuous and ordered sequence" of actions.

A data breach begins with unauthorized access (accidental, intentional, or unlawful) and extends to public exposure or sale.

In short, a data breach is one of the most well-known security incidents. After all, it is a violation of information security that jeopardizes the rights of data subjects or results in destruction, loss, or improper handling.

How does a data breach happen?

A data breach is a goldmine for cybercriminals, primarily because it facilitates and enables a wide variety of scams and cyberattacks.

One of the common characteristics of this process is the increase in attempted malicious attacks against individuals and companies following a data breach.

Data breaches are typically caused by vulnerabilities and/or failures in information security and internet access. They can also occur in situations such as:

  • Data theft
  • Cyberattacks
  • Malicious code
  • Using weak passwords
  • Action by current or former employees
  • Loss or theft of equipment
  • Negligence in the disposal of equipment and media
  • Data being transferred without protection
  • Intrusion into personal, business, or online data storage systems
  • Improper and/or illegal collection of browsing data
  • Malicious apps and websites that handle data differently than reported
  • Excessive data collection without users' knowledge
  • Lack of technical culture and policies for managing internet access and data security
  • Outdated or pirated software and applications
  • Account hacking
  • Incompetence and/or recklessness online when disclosing personal data and filling out forms, and failing to observe privacy settings
  • Insecure connections

Security incidents involving personal data

Before we move on, I suggest watching two quick and interesting videos. They will help you understand security incidents and data breaches, the LGPD's regulatory body (National Data Protection Authority – ANPD), and the protection of personal data.

First, "Understand the risk of personal data leaks" (6:53), from CNN Brasil Business.

Second, "Security incidents, encryption and ANPD oversight" (9:47), produced for Personal Data Protection Week 2022.

How to prevent data leaks

In principle, to prevent data leaks and minimize the risks of cyberattacks, business owners, IT professionals, and managers should turn their attention inward to their business.

In the vast majority of cases, employees are the gateway for cyberattacks and data breaches in companies.

Therefore, it is necessary to train employees and to establish and maintain a structured data security and internet access management policy.

Certainly, equally relevant measures, such as security solutions, technologies, and systems, are crucial.

In this way, companies and business owners have a lower chance of suffering losses from data leaks and other cybercrimes. Of course, there is no magic solution or invulnerable system.

However, it is the first step in minimizing risks, because the list of situations in which data leaks can occur is long.

What to do in case of a data breach

Attention and prevention! Indeed, prevention is always the best medicine.

Understanding the main risks and vulnerabilities thoroughly is the first step in preparing your company and knowing how to proceed in the event of a data breach.

Gathering a lot of information, planning compliance processes, and establishing internet access and data security policies are essential steps.

Similarly, in the event of an incident, it's important to know who to contact, who to notify, and how to report it.

In simple terms, it's about preparing the company to avoid losses due to data leaks.

However, the subject is extensive and involves variables that demand efficiency, effectiveness, and efficacy in each process and stage.

Biggest data leaks of 2021

Brazil jumped from sixth to first place globally in data breaches. A sad statistic. See below some events that made this fact a reality.

From bad to worse

According to a report published on CanalTech on December 16, 2021, in the first 11 months of the year, 24.2 million profiles were exposed "due to attacks or breaches in systems."


The first in the world

However, on December 18, 2021, CNN Brasil published an interview with digital crime expert Wanderson Castilho.

In the report, the expert states that, after calculating the number of data points exposed by the hacker attack on the Ministry of Health's system, "more than 227 million data points belonging to Brazilians were exposed."

Thus, Brazil surpassed the United States by more than 14 million leaked data points, according to a report by CanalTech (Brazil is the sixth largest country in total data breaches).


Monster leak

A public website leaked 426 million personal data records and 109 million CNPJs (Brazilian company tax IDs), as well as Brazilian vehicle license plates. "A perfect opportunity for cybercriminals to carry out social engineering scams," the article states.

This massive data breach was detected by the dfndr enterprise artificial intelligence. After identifying the "suspicious indexing," the dfndr lab (PSafe's digital security laboratory) forwarded a report to the National Data Protection Authority (ANPD).

Without identifying the origin or the manner in which this data leak occurred, the article warns of the seriousness of the situation. According to the report, with the exposed data, it would be possible to "open fake companies and accounts on social media".


Coincidence?

On October 4, 2021, WhatsApp, Facebook, and Instagram went offline. It definitely wasn't a good year for CEO Mark Zuckerberg.

A year marked by scandals. From the spread of fake news and facilitating drug and human trafficking, to "legal problems for failing to guarantee safety for users."

Coincidence or not, on that same day (October 4, 2021), news emerged that data from 1.5 billion Facebook users was for sale on a hacker forum on the dark web.

According to the Olhar Digital website, in this case the data leak did not originate from a hacker attack. This database was allegedly obtained through scraping: a process that collects information left available due to user carelessness (public profiles).


PIX vulnerability

In August, there was a leak of 414,500 Pix keys linked to phone numbers from the Bank of the State of Sergipe (Banese). At the time, registration data was leaked, but sensitive data (passwords and bank balances) was not exposed.

Finally, the same article reports a recent data breach on January 21, 2022: more than 160,000 Pix keys were exposed.

The security incident, which occurred between December 3 and 5, 2021, exposed names, CPF numbers, institutions, branch numbers, and account numbers. According to information from the Central Bank, the data breach did not affect the transactions of the 160,100 clients of Acesso Soluções de Pagamento.


These are good examples of the risks and damages that data breaches can cause to individuals and companies.

If you want to read more articles and case studies about data breaches, see the Olhar Digital website page dedicated exclusively to this security incident.

You will find many news stories and articles, such as those about buying the data of millions of Brazilians for R$ 200 or about the data leak that compromised Panasonic, for example.

LGPD vs. personal data breach

The process of data breaches can result in crimes and offenses such as:

  • Fraud
  • Obtaining passwords
  • Credit card cloning
  • Social engineering to persuade, manipulate, and/or infect mobile devices, computers, networks, and systems to promote cyberattacks against individuals and businesses

The General Data Protection Law (LGPD) seeks to protect freedom and privacy. In practice, it demands changes in the way personal data is collected, stored, processed, and used.

As a result, it impacts the administrative, legal, communication, and marketing areas. But, primarily, it impacts internet access technologies and information security.

Therefore, the LGPD encourages the adoption of measures against data leaks and to protect privacy.

Its purpose is to try to ensure that personal data is handled lawfully, appropriately, and securely.

This includes both stored data (locally or in the cloud) and data in transit. Because of this, individuals and businesses have been seeking and researching secure and privacy-focused solutions, such as VPNs and DNS firewalls.

Ultimately, the pandemic necessitated social distancing. As a result, remote work grew exponentially. And even after the pandemic, working from home will not disappear.

On the contrary, the trend is towards an increase in the number of workers who will continue or start working from home. A trend that is expected to consolidate, even beyond 2022.

When we talk about the LGPD and data breaches, we must be extra careful. After all, the fines are hefty. But, above all, the damage to a company's reputation can be irreversible.

The main benefits of prevention

Prevention is the key to fighting data leaks, avoiding financial losses, and protecting companies' reputations.

In this sense, they need to be prepared. Which, in fact, doesn't have to be difficult or complex. After all, there are some simple, useful, and affordable solutions available on the market.

Without a doubt, managing internet access combined with data security is the way to prevent information security incidents, such as data breaches.

In practice, in addition to prevention, the best solutions on the market productivity and profitability indicators. Just do some research and compare.
