Cyber Incident Victim: Lopes

In early 2022, Brazilian real estate services firm Lopes experienced a data breach involving customer and internal documents. According to a threat actor group initially identifying as Matron Group (later referring to themselves as Boldenis77), they first compromised Lopes' systems in February 2022 through a backdoor intrusion. The attackers claimed to have targeted Lopes specifically as part of a broader effort to breach real estate companies handling large volumes of sensitive documents. By March 2022, Matron Group publicly disclosed images of Lopes documents and a 2.15MB data file, asserting they had accessed one or more company servers. Lopes responded to initial media inquiries by stating the files appeared exfiltrated from franchisee networks and that "no anomalies have been detected in the network’s systems," declining to provide further details. Media reports suggested the breach occurred at Lopes Prime, a subsidiary.

The incident escalated when Boldenis77 contacted DataBreaches.net months later, claiming possession of 13GB of Lopes data spanning December 2021 to May 2022. Analysis of provided samples confirmed internal documents, including customer/buyer information, with creation dates extending months after Lopes' initial denial of system anomalies. The attackers stated they made a ransom demand to Lopes executives Marcos Lopes and Cyro Naufel but received no response. Boldenis77 did not encrypt files but reportedly lost access to Lopes' systems later. Lopes failed to respond to multiple inquiries from journalists in July 2022 regarding the breach claims, notification of affected individuals, or security measures taken. No evidence indicated Lopes notified customers whose personal information was compromised, with two confirmed victims confirming they received no communication from the company. The final data disposition—whether leaked or sold—remained unverified at the time of reporting.