Someone is auctioning, on underground forums, a database allegedly containing the personal information of 92 million Brazilian citizens. They claim that every record is real and unique. The seller also advertises a search service focused on Brazilians, saying that they can dig up details about an individual starting from minimal initial data.
[92 Million unique] records of almost every [Brazilian] citizen on sale in Underground forums. The actor also offers service to find records about any individual with small initial information living in Brazil. #intelhunt #brazil #threatdiscovery #breached
— Breach Radar (@RadarBreach) September 27, 2019
There is a trend that can be seen across both the public and the private sector. Typically, security spend has been associated with maintaining regulatory compliance. If that budget can be minimized and compliance can be achieved, the business can continue operating. As we have seen, there have been many high-profile data breaches that have had serious financial implications for affected organizations that met their regulatory compliance objectives.
The potential exposure of such a large database is worrying, and shows that cybercriminals are becoming more and more motivated by the potential monetary gain of selling personally identifiable information – which has become a kind of currency on the dark market. Organisations and governmental bodies need to consider going above and beyond the security measures recommended as standard practice, or they will find themselves unprepared. When retaining this kind of data it is critical to choose an encryption solution that not only protects the database instances but also provides protection for data in transit and at rest.
The potential exposure of 92 million records of Brazilian citizens is the latest in a long line of high-profile data breaches targeted at public institutions, and proves our current data protection model is woefully inadequate. Data breaches happen daily, in too many places at once to keep count – and cybercriminals aren’t likely to let up anytime soon. Organizations – public and private – need to become smarter at protecting data to mitigate the risk to their customers and their own companies. New resources will need to be allocated to the IT and security teams in the form of additional, well-trained cybersecurity staff and the right detection and threat intelligence technology in place.