On Friday (3), Folha and UOL reported that criminals are selling complete data on virtually all Brazilians on the internet. The service works like a kind of Netflix. The user pays a monthly subscription of R$200 and, while a subscriber, can have access to complete and well-organized databases of anyone.
Capillarity and detail are impressive. In addition to domicile, cell phone numbers, name and complete data on relatives and neighbors, or equity interests, the databases also gather information on income, credit analysis and even data from the National Weapons System, operated by the Federal Police. It is possible to know, for example, who are the people who have guns attached to their name.
The novelty here is not the “doomsday leak” per se. This one has already happened and continues to be fed as new data comes in all the time to update the old ones.
The novelty is that more and more obscure, unidentified sites are appearing to offer these organized databases and charge for their access. The raw material, the data, is everywhere. It is the result of years of neglect of cybersecurity, bad decisions by public authorities and data leaks from private companies.
From this raw material, a hydra of a thousand heads emerges. The website revealed by Folha is just one among countless others that offer a similar type of access and organization of data. It is even reductionist to speak of a “site”. That’s because the channels for getting this data are multiple: whether in messaging apps, social media groups, and so on. If one hydra head is cut off, another ten may appear.
The legal problem here has two characteristics. With regard to public data, which are available online, the deviation of purpose is noteworthy. The LGPD (General Data Protection Law) allows the use of public data, but the resulting uses and services must respect the purposes provided for that data, in addition to ensuring the rights of the holders provided for in the LGPD. This is not done through these illicit channels. Most of them offered by websites abroad and without any identification.
The other problem is that there are also private bases being offered. In relation to these, it is information of restricted use, which should not be widely circulated. In this case, it is very likely that there was a leak or illegal access (which in practice amounts to the same thing). These cases hurt the LGPD.
What to do? First, every citizen must start from the premise today that all of their data is exposed. This is an existential condition of being Brazilian. This requires care and costs that fall on each person’s back.
Furthermore, the whole situation is a wake-up call for the country to rethink its identification structure. As data that leaks cannot be “leaked”, how about completely rethinking the identification system, in a more inclusive and secure way, and reducing bureaucracy in people’s lives? It would be a way to transform the absurdity of this leak into a better system for everyone.
Reader
It’s over Attacks only on Earth
Already cyberspace attacks
It’s coming Space attacks (satellites are becoming targets of attacks, albeit reversible, every day)
.
I have over 8 years of experience in the news industry. I have worked for various news websites and have also written for a few news agencies. I mostly cover healthcare news, but I am also interested in other topics such as politics, business, and entertainment. In my free time, I enjoy writing fiction and spending time with my family and friends.
