This Week in Data Breaches: Data of 92 Million Brazilians For Sale Online
Welcome to our round-up of the latest data breaches, leaks, and privacy intrusions from around the world. This week: personal information of 92 million Brazilians found for sale online, 37,000 Canadians compromised in TransUnion Canada data breach, and nearly one million New Zealanders potentially impacted by a breach at a major health care provider.
Personal Information of 92 Million Brazilians For Sale Online
Earlier this month, BleepingComputer reported that a database containing the personal information of 92 million Brazilians was being auctioned on a dark web forum. The seller was also advertising a service to dig up personal data on any Brazilian starting from only basic information. It is unclear who exactly is selling the data.
The database weighed in at 16GB with the starting price for the auction set at $15,000. Records contained the names, dates of birth, and tax ID numbers (Cadastro de Pessoas Físicas) of nearly half the Brazilian population. BleepingComputer verified that the information was accurate and it appears that it was a stolen government database.
Using this stolen information as a starting point, the seller claimed to be able to retrieve additional information on individual Brazilians from national identification documents, including phone numbers, addresses, email addresses, employment history, education level, relatives, license plates, and vehicles. In all likelihood the seller is in possession of or has access to additional databases than the one that is for sale that contain this information.
37,000 Canadians Compromised by TransUnion Data Breach
TransUnion Canada acknowledged that the credit information of 37,000 Canadians may have been exposed. According to the company, someone used one of its business customer’s login credentials to gain unauthorized access to consumer credit files. TransUnion discovered the breach in August and began notifying customers earlier this month.
In a notification letter sent to consumers, TransUnion said, “By way of background, TransUnion operates a portal through which our business customers can retrieve consumer credit files for permitted purposes. An unidentified person illegally obtained CWB National Leasing’s access code and password to the portal, which has permitted access to some of TransUnion’s credit file information between approximately June 28 and July 11, 2019.”
Using a name, address, date of birth, or Social Insurance Number, the attacker would have been able to view a consumer’s addresses, credit balances, and repayment information. TransUnion is offering two years of free credit monitoring to affected consumers.
Canadians have been impacted by a string of data breaches at credit bureaus and financial institutions over the past two years. Earlier this year, a data leak at Desjardins exposed data on 2.7 million Canadians. In 2017, Equifax’s massive breach exposed the personal information of 19,000 Canadians.
New Zealand Health Care Provider Hacked, Data of Millions of New Zealanders Potentially Exposed
New Zealand health care provider Tu Ora Compass Health disclosed that it potentially exposed the health data of nearly 1 million New Zealanders. The company was hacked in August, which led investigators to the discovery of multiple attacks against the company that were carried out between 2016 and 2019.
The company’s CEO, Martin Hefford, said in a statement, “We are devastated that we weren’t able to to keep people’s information safe. While this was illegal and the work of cybercriminals, it was our responsibility to keep people’s data safe and we’ve failed to do that.”
Tu Ora stores health information dating to as far back as 2002. Compromised information includes names, dates of birth, addresses, enrollment data, and National Health Index numbers. Anyone from the greater Wellington, Wairarapa, and Manawatu regions who registered with a medical center between 2016 to 2019 could be affected.
Tip of the Week
We hear from readers all the time who want to know how they can themselves online amidst all of these data breaches. Knowing where to start can be difficult, so each week we will be sharing a new tip to help you safeguard your data and protect your privacy online. Last week’s tip: enable two-factor authentication to secure your accounts.
This week, sign-up for free data breach monitoring from Bloom Radar.
Bloom Radar monitors data breaches and alerts you when your information has been involved in a breach. With Radar, you can see all of the major breaches that your information has been found in, get alerts when new breaches occur, and take steps to protect yourself.
Getting started with Radar is as easy as 1, 2, 3:
1. Open or download the Bloom mobile app
2. Enroll in Radar: Subscribe to Radar with your email address directly from the Bloom app.
3. Get Alerts and Take Action: Radar monitors data breaches and notifies you when new breaches occur, from the app you can track alerts and find out exactly what steps you can take to lock down your data and protect your identity.
Make sure to also check out our in-depth security and privacy guides:
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.
It’s time to take back control of your data and unlock the power of a secure, reusable identity today. Download the Bloom mobile app to build a cryptographically secure identity and get free data breach alerts with Radar!