Cyber Incident Victim: Individual Taxpayer Registry

In early January 2021, confidential data belonging to millions of Brazilian individuals and companies was illicitly disclosed and circulated online. The compromised information included sensitive details such as Individual Taxpayer Registry (CPF) numbers, Corporate Taxpayer Registry (CNPJ) identifiers, full names, and residential addresses. This breach represented one of the largest unauthorized data exposures in Brazil's history, impacting a vast number of citizens and entities. The threat actor known as "Vanda the God" was identified as a primary suspect in obtaining and disseminating the records. A second individual using the alias "JustBR" subsequently listed portions of the stolen dataset for commercial distribution on RaidForums, a cybercrime forum known for trading leaked information. The leaked data reportedly encompassed records of approximately 223 million Brazilians, constituting nearly the entire national population.

On March 19, 2021, Brazil's Federal Police executed Operation Deepwater, arresting 24-year-old Marcos Roberto Correia da Silva in Uberlândia, Minas Gerais. Silva, alleged to be "Vanda the God," was taken into custody as the suspected architect of the mass data compromise. Authorities seized his computer equipment and mobile phone during the arrest while executing additional search warrants related to the investigation. The operation specifically targeted the unlawful acquisition, distribution, and sale of citizens' confidential information, including data pertaining to government officials. Federal Police investigations confirmed the suspect's involvement in making private records publicly accessible through internet channels earlier that January. The arrest marked a significant law enforcement response to the breach, though inquiries into potential accomplices—including "JustBR's" role in monetizing the data—remained active components of the ongoing probe.