Cyber Incident Victim: Boa Vista SCPC
Date:
Sep 2018
Location:
Brazil
Summary
A Brazilian credit bureau faced a potential data breach after hacker group Fatal Error claimed unauthorized access to its database, reportedly containing over 350 million personal records. The company initiated an internal investigation to verify the alleged compromise while acknowledging heightened cybersecurity risks in the region linked to expanding digital financial services. The incident highlighted growing threats to consumer data as internet and mobile-based transactions increased across Brazil.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 4, 2018, Brazilian credit bureau Boa Vista SCPC initiated an investigation into a potential large-scale data breach following claims by a hacking group known as Fatal Error. The group asserted it had gained unauthorized access to the company’s database, which reportedly contained over 350 million personal data records pertaining to customers. Boa Vista SCPC, a major player in Brazil’s credit reporting landscape, publicly acknowledged the claims via a statement to BNamericas, confirming an internal probe was underway to verify the alleged breach. The incident came to light after local newspaper Folha de S. Paulo reported on the hackers’ assertions, though neither the article nor the company disclosed specifics regarding the data types exposed, the duration of unauthorized access, or the methods used by the attackers. Boa Vista did not immediately confirm or deny the breach’s validity, emphasizing only that its investigation was ongoing. No evidence was provided at the time to substantiate Fatal Error’s claims, leaving the scope and severity of the incident unverified by independent sources.
The potential breach occurred against a backdrop of escalating cyber threats in Brazil, driven by increased reliance on internet and mobile platforms for financial services and daily transactions. While Boa Vista’s response focused on internal verification, the sheer volume of records cited—350 million—suggested significant risk to consumer privacy if confirmed, given the sensitivity of credit bureau data typically including identifiers, financial histories, and personal details. The company did not disclose mitigation steps, customer notifications, or coordination with regulators at the time of the initial report. Broader industry concerns highlighted in the article noted a rise in Brazilian cyberattacks targeting financial and personal data, though no direct link was established between this trend and the Boa Vista incident. The absence of subsequent updates in the provided source material leaves the investigation’s outcome, final impact, and any remedial actions unresolved within the documented timeline.