Cyber Incident Victim: Claro
Date:
Feb 2021
Location:
Brazil
Summary
A significant data breach exposed personal information of over 102 million mobile phone customers from two major Brazilian operators, including Claro, with compromised data encompassing names, taxpayer IDs, call records, and sensitive details linked to high-profile individuals. A foreign-based threat actor claimed responsibility for acquiring and selling the datasets on dark web forums, though cybersecurity investigators could not conclusively verify the operators as the source, with both companies denying any security lapse. Brazil's data protection authority initiated an investigation involving federal law enforcement and the implicated organizations to assess risks and mitigate potential harm to affected consumers, marking the country's second major leak incident within a short timeframe.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 3, 2021, cybersecurity and privacy firm Psafe discovered a significant data leak involving the exposure of personal information from over 102 million mobile phone lines in Brazil. The compromised data included names, taxpayer registration numbers, call duration records, and other unspecified details, with reports indicating information related to President Jair Bolsonaro was among the exposed records. A cybercriminal operating outside Brazil claimed responsibility for obtaining 57.2 million customer datasets from telecommunications provider Vivo and 45.6 million datasets from competitor Claro, subsequently offering this information for sale on dark web marketplaces. Both mobile operators denied their systems were the source of the breach, with no evidence found to directly link the leaked data to their infrastructure at the time of discovery. The scale of the incident positioned it as Brazil's second-largest data exposure event of the year, affecting a substantial portion of the country's mobile consumer base.
Brazil's National Data Protection Authority (ANPD) initiated a formal investigation on February 11, 2021, eight days after the leak's discovery. The regulatory body announced coordinated efforts with the Federal Police and summoned both the reporting entity (Psafe) and the implicated telecommunications companies to assist in containment and mitigation measures. The newly established authority, which had recently published its initial strategic framework, sought organizational cooperation to investigate the incident's origins and address risks to affected consumers. This incident followed another major data exposure earlier in 2021, where records of 223 million Brazilians – including deceased individuals – containing addresses, income details, vehicle information, and tax returns had been leaked and sold on dark web platforms. The ANPD emphasized it was pursuing all appropriate investigative actions but did not disclose specific technical findings or remediation timelines related to the telecommunications data breach.