Serasa Experian and Experian: All Brazilians potentially impacted by alleged breach of Experian subsidiary

Massive Data Breach Exposes Personal Records of 223 Million Brazilians via Serasa Experian

A threat actor has claimed to steal 1.8 TB of sensitive data from Serasa Experian, the Brazilian arm of global credit risk firm Experian, exposing records belonging to 223 million individuals a number exceeding Brazil’s entire population. The leaked dataset includes 5,000 detailed records containing CPF numbers (Brazil’s equivalent of Social Security numbers), full names, birth dates, emails, gender, phone numbers, and job titles. Researchers warn the breach may encompass data from both living and deceased individuals.

The exposed information poses severe risks, as CPF numbers, occupations, and phone details could enable criminals to impersonate bank officials or government agents, facilitating fraud and financial theft. This incident follows a 2021 breach in Brazil that leaked salary data, facial images, addresses, credit scores, and contact details an event now tied to an ongoing lawsuit in the English High Court.

Brazil joins Indonesia and China among nations hit by large-scale data exposures in recent years, underscoring the growing threat of cyberattacks targeting vast troves of personal and financial information.

Source: https://www.scworld.com/brief/all-brazilians-potentially-impacted-by-alleged-breach-of-experian-subsidiary

Serasa Experian cybersecurity rating report: https://www.rankiteo.com/company/serasaexperian

"id": "SER1775860315",
"linkid": "serasaexperian",
"type": "Breach",
"date": "1/2021",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '223 million individuals',
                        'industry': 'Financial Services',
                        'location': 'Brazil',
                        'name': 'Serasa Experian',
                        'type': 'Credit Risk Firm'}],
 'data_breach': {'data_exfiltration': '1.8 TB of sensitive data',
                 'number_of_records_exposed': '223 million individuals',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['CPF numbers',
                                              'Full names',
                                              'Birth dates',
                                              'Emails',
                                              'Gender',
                                              'Phone numbers',
                                              'Job titles']},
 'description': 'A threat actor has claimed to steal 1.8 TB of sensitive data '
                'from Serasa Experian, the Brazilian arm of global credit risk '
                'firm Experian, exposing records belonging to 223 million '
                'individuals. The leaked dataset includes CPF numbers, full '
                'names, birth dates, emails, gender, phone numbers, and job '
                'titles. The breach may encompass data from both living and '
                'deceased individuals, posing severe risks for fraud and '
                'financial theft.',
 'impact': {'brand_reputation_impact': 'Severe',
            'data_compromised': '1.8 TB of sensitive data',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Ongoing lawsuit in the English High Court'},
 'references': [{'source': 'Cyber Incident Description'}],
 'regulatory_compliance': {'legal_actions': 'Ongoing lawsuit in the English '
                                            'High Court'},
 'title': 'Massive Data Breach Exposes Personal Records of 223 Million '
          'Brazilians via Serasa Experian',
 'type': 'Data Breach'}