A ZenoX, threat intelligence company of the Dfense Group, specialized in AI-based solutions, highlights the seriousness of the recent leak of banking data of about 250 thousand Brazilians, detected this Wednesday (27). The information, exposed in a criminal forum on the dark web, include sensitive customer data from at least six institutions in the personal credit sector: Sincronos, Ephesus Capital, CredCenter, GoldenBank, AlwaysPromoter, MegaPromoter and ProntoPay. The discovery was made by the intelligence team of ZenoX, reinforcing the urgency of robust measures for data protection in the financial sector
The data includes personal documents, financial information (credit card numbers), proof of address and selfies. "Data of this nature", when in improper hands, can be used for attempts at fraud in various financial institutions, including undue requests for loans and payroll-deducted credits, account opening, in addition to elaborate scams using social engineering with real customer data. The authenticity of the leaked data can make these frauds particularly convincing, comment Danrley Souza, Threat Intel Leader at ZenoX
Gabriel Paiva, The CEO of the Dfense Group also highlights the legal and regulatory implications for the affected companies: "In the regulatory and legal scope, companies may face significant sanctions from BACEN and other financial regulators, in addition to investigations related to the LGPD. This may result in lawsuits filed by affected clients and substantial costs with mandatory notifications and legal adjustments. The impact on the institutional image of companies can affect not only the relationship with current customers, but also compromise future business opportunities and strategic partnerships in the financial sector,"warns the executive"
Finally, Souza mentions some measures to act quickly and minimize damage if the user is a victim of a data leak. They are:
- Contact your financial institution, notifying the bank about unauthorized transactions and requesting the blocking of compromised cards or accounts
- Gather evidence, like emails, messages or screenshots that may be useful for future investigations
- Register a Police Report (BO), formalizing the complaint at a police station or through online channels to assist in the investigation of cybercriminals
- Monitor statements and credit reports, monitoring financial transactions to identify suspicious activities and inform the responsible authorities to prevent the misuse of stolen data
