Data leaks are a serious and ongoing type of security incident. Their scope challenges the management of internet access and raises countless doubts and uncertainties. Regardless of form or origin, data leaks mean certain loss for individuals and companies.
For these reasons, it would be difficult to cover all the information and characteristics of this kind of incident in a single article. So the Lumiun Blog is starting a series of articles about data leaks.
What is data leakage?
Data leakage is the undue exposure, without prior consent, of personal, sensitive, confidential, biometric, behavioral, registration or navigation data, for example.
It is, without a doubt, a serious problem that exponentially increases the risk and the occurrence of scams and online fraud.
As a result, the data leak process causes losses of all types: financial, property, moral, strategic, competitive, personal, etc.
But, before we discover the dimensions and perspectives involved in this digital crime, it is worth highlighting that data leakage is a process that involves at least three steps:
- Access (improper).
- Collection (unauthorized).
- Public disclosure or sale.
That is, before the exposure that the “data owners” did not authorize, there will have been violations in the form of improper access and collection.
In other words, data leaks do not happen overnight or in isolation. In keeping with the definition of “process”, the crime of undue exposure of data arises from a “continuous and ordered sequence” of actions.
A data leak begins with unauthorized access (accidental, intentional or illicit) and leads to public exposure or sale.
In any case, data leaks are one of the best-known security incidents. After all, a leak is a breach of information security that puts data subjects' rights at risk or results in destruction, loss or inappropriate treatment of data.
How does a data leak happen?
A data leak is big business for cybercriminals, mainly because it favors and facilitates a huge variety of scams and cyberattacks.
One of the common characteristics of this process is the increase in malicious attack attempts against individuals and companies following a data leak.
Typically, data leaks are caused by vulnerabilities and/or failures in information security and internet access. They also occur in situations such as:
- Data theft
- Cyber attacks
- Malicious codes
- Using weak passwords
- Action by employees or former employees
- Loss or theft of equipment
- Negligence in disposing of equipment and media
- Unprotected data transfer
- Intrusion into personal, business or online data storage systems
- Improper and/or illicit collection of browsing data
- Malicious applications and websites, which treat data differently than reported
- Excessive data collection without users’ knowledge
- Lack of technical culture and policies for managing internet access and data security
- Outdated or pirated software and applications
- Account hacking
- Lack of skill and/or recklessness online when disclosing personal data, filling out registration forms and handling privacy settings
- Insecure connections
Security incidents with personal data
Before we go any further, I suggest watching two quick and interesting videos. They cover security incidents and data leaks, the LGPD supervisory body (National Data Protection Authority, ANPD) and the protection of personal data.
First, “Understand the risk of personal data leaks” (6:53), from CNN Brasil Business.
Second, “Security incidents, encryption and ANPD inspection” (9:47), produced for Personal Data Protection Week 2022.
How to prevent data leakage
In principle, to prevent data leaks and minimize the risks of cyberattacks, business owners, IT professionals and managers must look inside their own business.
In the vast majority of cases, employees are the gateway to cyberattacks on companies and to data leaks.
Therefore, it is necessary to train employees and to establish and maintain a structured policy for data security and internet access management.
These measures are certainly as relevant as security solutions, technologies and systems.
This way, companies and entrepreneurs are less likely to suffer losses from data leaks and other cybercrimes. Of course, there is no magic solution or invulnerable system.
However, it is the first step to minimizing risks, since the list of situations in which data leaks can occur is long.
What to do in case of a data leak
Attention and prevention! In fact, prevention is always the best medicine.
Knowing in depth the main risks and vulnerabilities is the first step to preparing your company and knowing what to do in the event of a data leak.
Being well informed, planning compliance processes and establishing internet access and data security policies are essential steps.
Likewise, in the event of an incident, know who to turn to, whom to notify and how to notify them.
Simply put: prepare the company to avoid losses from data leaks.
However, the subject is extensive and has variables that require efficiency, efficacy and effectiveness in each process and stage.
Biggest data leaks of 2021
Brazil jumped from sixth place to first place globally in data leaks. A sad statistic. Below are some of the events behind it.
From bad to worse
According to a report published on CanalTech on December 16, 2021, in the first 11 months of the year, 24.2 million profiles were exposed “through attacks or breaches in systems”.
The first in the world
However, on December 18, 2021, CNN Brasil published an interview with digital crime expert Wanderson Castilho.
In the report, the expert states that, after counting the data exposed by the hacker attack on the Ministry of Health's system, “more than 227 million Brazilians' data were exposed”.
Thus, Brazil surpassed the United States by more than 14 million exposed data records, according to the CanalTech report (“Brazil is the sixth largest country in total data leaks”).
Monster leak
A public website leaked 426 million personal data records and 109 million CNPJs, in addition to Brazilian vehicle license plates. “A full platform for cybercriminals to carry out social engineering scams”, states the article.
This monster data leak was detected by dfndr enterprise artificial intelligence. After identifying the “suspicious indexing”, the dfndr lab (PSafe digital security laboratory) sent a report to the National Data Protection Authority (ANPD).
Without identifying the origin of this data leak or how it occurred, the article warns of the seriousness of the situation. According to reports, with the exposed data, it would be possible to “open fake companies and accounts on social networks”.
Coincidence?
On October 4, 2021, WhatsApp, Facebook and Instagram went offline. This has definitely not been a good year for CEO Mark Zuckerberg.
It was a year marked by scandals, from spreading fake news and facilitating drug and human trafficking to “legal problems for not guaranteeing safety for users”.
Coincidence or not, on that same day (October 4, 2021), news broke that data from 1.5 billion Facebook users was reportedly for sale on a hacker forum on the dark web.
According to the article on the Olhar Digital website, in this case the data leak did not originate from a hacker invasion. The database was reportedly obtained by scraping: a process that collects information left available due to users' carelessness (public profiles).
PIX vulnerability
414,500 Pix keys of the State Bank of Sergipe (Banese) were leaked. At the time, registration data was leaked, without exposing sensitive data (passwords and bank balances).
Finally, the same article reports a recent data leak, on January 21, 2022: more than 160 thousand Pix keys were exposed.
The security incident, which occurred between December 3 and 5, 2021, exposed names, CPFs, institutions, and branch and account numbers. According to information from the BC (Central Bank), the data leak did not affect the transactions of the 160.1 thousand customers of Acesso Soluções de Ação.
These are good examples of the risks and losses that data leaks can cause for people and companies.
If you want to read more articles and cases of data leaks, the Olhar Digital website has a page dedicated exclusively to this security incident.
There you will find many news items and articles, such as one on the purchase of data from millions of Brazilians for R$200 and one on the data leak that compromised Panasonic.
LGPD x personal data leak
The data leak process can result in crimes and infractions such as:
- Fraud.
- Obtaining passwords.
- Credit card cloning.
- Social engineering to persuade, manipulate and/or infect mobile devices, computers, networks and systems to promote cyberattacks on people and companies.
The General Personal Data Protection Law (LGPD) seeks to protect freedom and privacy. In practice, it demands changes in the way personal data is collected, stored, processed and used.
As a result, it impacts the administrative, legal, communication and marketing areas and, above all, internet access and information security technologies.
Therefore, the LGPD is an incentive to adopt measures against data leakage and for privacy protection.
Its purpose is to try to ensure that personal data is processed lawfully, appropriately and securely.
This applies both to stored data (locally or in the cloud) and to data in transit. As a result, individuals and companies have been looking for and researching solutions that offer security and privacy, such as VPN and DNS firewall.
After all, the pandemic required social distancing. Thus, remote work has grown exponentially. And, even post-pandemic, the home office will not be abolished.
On the contrary, the trend is for an increase in the number of workers who will continue or start working from home. It is a consolidated trend, even beyond 2022.
When we talk about LGPD and data leaks, we must pay extra attention. After all, the fines are heavy. But, above all, the damage to companies' reputations can be irreversible.
The main benefits of prevention
Prevention is the keyword against data leaks, to avoid financial losses and protect companies' reputations.
In this sense, companies need to be prepared, which, in fact, doesn't need to be difficult or complex. After all, there are some simple, useful and affordable solutions available on the market.
Without a doubt, managing internet access combined with data security is the way to prevent information security incidents, such as data leaks.
In practice, in addition to prevention, the best solutions on the market productivity and profitability indicators. Just search and compare.