Cyber Incident Victim: Telefônica Brasil S.A.
Date:
Feb 2021
Location:
Brazil
Summary
A significant data breach exposed personal information of over 102 million Brazilian mobile phone users, impacting customers of two major telecom operators including Vivo. Compromised data encompassed names, taxpayer registration numbers, call duration records, and sensitive details extending to high-profile individuals. A foreign-based threat actor claimed responsibility for acquiring and selling approximately 57.2 million records from one operator and 45.6 million from another on dark web markets. Cybersecurity researchers identified the incident but found no conclusive evidence linking the telecom companies to the source of the exposure, with both firms denying any security compromise. National data protection authorities initiated an investigation involving law enforcement and the implicated organizations to assess risks and mitigate potential harm. This incident followed another extensive leak affecting hundreds of millions of citizens' financial and identity records earlier in the same period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 3, 2021, cybersecurity firm Psafe discovered a significant data exposure involving information from over 102 million Brazilian mobile phone lines. The leaked datasets included 57.2 million customer records allegedly from telecommunications provider Vivo and 45.6 million records from competitor Claro, according to a cybercriminal advertising the data for sale on dark web forums. The exposed information contained sensitive consumer details such as names, taxpayer registration numbers, call duration records, and other unspecified personal data. Brazilian news outlet Neofeed reported that the leaked records even included information about President Jair Bolsonaro. The external threat actor, operating from outside Brazil, claimed responsibility for obtaining and marketing the datasets. Both Vivo and Claro denied their systems had been compromised or that any customer data had leaked from their infrastructure. Psafe's investigation could not conclusively establish the mobile operators as the source of the exposed information despite the cybercriminal's claims.
Brazil's National Data Protection Authority (ANPD) initiated an official investigation into the incident on February 11, 2021, marking the country's second major data leak investigation that year. The regulatory body announced it was coordinating with the Federal Police and had formally summoned both the reporting entity (Psafe) and the implicated telecommunications companies to assist the probe. The ANPD emphasized implementing measures to contain risks and mitigate potential harm to affected consumers' personal data. This incident followed another massive data exposure earlier in 2021, where details of 223 million Brazilians—including deceased individuals—had been leaked, containing comprehensive personal and financial information. The authority's response represented an early test of Brazil's newly established data protection framework, as the ANPD had just released its initial operational strategy the preceding week. No forensic evidence confirming the origin of the data or technical details about the breach methodology was disclosed publicly during the initial investigation phase.