Find out what to do in case of personal data leak

Data leaks happen systematically. If you have been a regular user of the internet for the last 5, 10 or 15 years, I need to tell you something annoying: you probably already had some personal data leaked. It can be password, email, physical address or phone, sometimes GPS location and even bank details, you had some of this information exposed at some point in your virtual life.

This does not diminish the problem that all Brazilians are experiencing – and, unfortunately, it seems, even those who have already died: Brazil has a population of 209.5 million people, and the latest leak involves more than 220 million people. Brazilians.

It is worth noting that this leak also comprises 104 million vehicles and 40 million companies

It is not yet known what the source is, who is responsible for that information and who made the serious mistake of letting that data flow. Still, security experts on social media and even ordinary Internet users get the ball rolling that Serasa Experian would be to blame. The company denies it and, meanwhile, police authorities, journalists, institutions and bodies are already investigating the case.

It’s not your fault, prevention is unfortunately

Banks have spent years building insurmountable fortresses, so stealing money from these institutions is practically an impossible task. Stealing money online is no different: banks have spent years refining their cybersecurity to avoid being attacked.

Most large institutions follow the same path: teams and squads dedicated to online protection

However, this attitude is not educational for the user / client and efforts to send tips via SMS or a lame e-mail are practically ineffective. Today, after banks and companies have built this fortress, the cyber defense of your money and data is entirely yours.

Just an addendum on this point: leaving cybersecurity in the hands of the user / client is practically criminal, mainly because we live in a country with such distant social classes, such different accesses and the lack of planned education. The company, or bank, just saying that Seu João and Dona Maria should activate the app’s second authentication factor is scary.

Okay, what do I do?

It looks sad, and it is. There is no silver bullet to protect yourself, but you can make life difficult for cybercriminals and stay tuned in the movements that involve your CPF.

First: layer protection. Just like a castle that has gullies, bridges and walls, you also need more protection. Below, we will put the tips in a specific and generic way.

To go with

  • Regularly monitor invoices and bank statements.
  • Track your CPF at the Central Bank’s Registrato. There, you have free consultation to reports of Pix keys, loans, financing, bank accounts and others.
  • Access Have I Been Pwned: the site shows emails and passwords that have already been leaked and where they leaked.
  • Ok, let’s talk about Serasa AntiFraude, even though the company may have been responsible for the leak: Serasa AntiFraude offers CPF monitoring and alerts to the user.
  • The IRS website has its own area for specific monitoring.

Preventive actions

  • Enable second authentication factor on all accounts: to learn more about it, go to Understand why you need to double-check security on everything.
  • Enable security PIN on everything, especially on WhatsApp. The security PIN is more important than the second authentication factor, as it is required from time to time and with each new login. If a criminal clones his chip to receive SMS, he still has that barrier to pass.
  • Did you receive a call, email or message asking for data or information? Even if the person on the other end of the line knows all your data, hang up the phone and look for another contact: if in doubt, be proactive and call the bank at the number that appears behind the credit card. If you are using landline, make another generic call first to ensure that no one has held the line.
  • Ignore suspicious messages and emails. Whenever you have any questions, seek another means of official contact.
  • Download an antivirus on your device and PC, as it is always good to have an extra layer of security.
  • When using e-commerces (online stores), just check out new information within the platform itself.
  • Use long passwords: more important than variety of letters, numbers and symbols, size matters (no jokes).
  • Do not repeat passwords on different accounts.
  • Use a password manager to not forget and be more secure (tip: LastPass).
  • Track balance and bank statement frequently.
  • Always use virtual cards for online purchases (available in your bank’s app)
  • Check the Pre Registration to check your CPF at operators

Let’s leave this collaborative list? Comment your tip down here, sometimes we miss something.

How to report to TecMundo

TecMundo supports the work of ethical hackers. If you can’t get any resolution for failure or vulnerability due to difficulty in contacting a company, talk to us. Our reporting channels are:

Leave a Comment