Центральний Банк Бразилії повідомив вчора (19) про виникнення ще одного інциденту безпеки з особистими даними пов'язаними з ключами Pix. This time, інформація експонована була під охороною і відповідальністю SHPP Бразилія Інституція платежу та Послуги платежів LTDA, a Shopee. Як у інших з 14 разів, в яких подібні випадки були повідомлені органом, the news was accompanied by an attempt to reassure that the data in question did not harm consumers since they are not related to processes that affect the movement of money. Despite that, експерти попереджають що цей тип підходу може призвести до зменшення розуміння про серйозність теми і дозволити, щоб люди падали в майбутні шахрайства з використанням цих даних
The partner of DeServ Academy, Bruna Fabiane da Silva, elected one of the 50 Best Women in Cybersecurity in the Americas by WOMCY (LATAM Women in Cybersecurity, стверджує що навіть інформація викладена будучи лише кадастрового характеру, as a name, CPF, установа відносин, агенція, номер і тип рахунку, people whose data has been leaked need to stay alert because they can become victims of scams like phishing and others that use social engineering.It is important to consider that this is a significant breach of the confidentiality of information which is data security, comment
According to her, normally these cases occur due to failures in the practices of privacy by design and privacy by default, what are, inclusive, requirements of data privacy legislation. When this incident occurs, we have a data breach that affects the rights guaranteed by the LGPD
"Right in the month of September", when does the LGPD turn 4 years old, this type of situation needs to serve as a lesson learned in the sense that all companies need to have strategies to mitigate the risk of data breaches.The LGPD goes beyond aspects of information security and legal matters. When seeking a procedure within personal data organizations, it is important to consider information security as a form of planning for any project or service. Because throughout the entire lifecycle of this information, protections must accompany it until the destruction of data, which also needs to be secure, affirms
According to her, to avoid the occurrence of point failures in systems it is essential to observe the entire development pipeline of applications and systems from the programming and testing phase to when it goes into production. This monitoring is required precisely to prevent possible problems and failures before they even occur
The specialist advises all companies that handle personal data to develop continuous improvement processes covering both the legal aspect and information security. During all stages of data processing, it is essential to seek immediate compliance with the LGPD.The legislation itself requires that a data protection impact report be made and the company needs to be structured so that it has these processes well underway to manage potential risks, affirms
