Back

Massive Data Leak Allegedly Affects 223 Million Brazilians

Severity: High (Score: 63.0)

Sources: Cybernews, Scworld

Summary

A hacker claims to have stolen 1.8 terabytes of sensitive data from Serasa Experian, affecting 223 million individuals, which exceeds Brazil's population of approximately 213.5 million. The leaked data includes CPF numbers, names, dates of birth, emails, and phone numbers. Cybernews researchers indicate that if the claims are legitimate, the dataset may contain information from both living and deceased individuals. The threat actor posted a sample file containing 5,000 records on April 8, 2026, but the actual data appears to be outdated, with no entries dated later than 2020. This incident follows a similar breach in 2021 that exposed extensive personal information of Brazilians and is currently subject to a lawsuit filed in January 2026. The validity of the new claims remains uncertain, as researchers suspect the data may be recycled from previous leaks. The situation is under investigation, and the potential for identity theft is significant. Key Points: • A hacker claims to have exfiltrated 1.8 TB of data from Serasa Experian, impacting 223 million individuals. • The leaked dataset includes sensitive information such as CPF numbers, names, and contact details. • Researchers suspect the data may be outdated or recycled from previous breaches, raising questions about its legitimacy.

Key Entities

  • Data Breach (attack_type)
  • Serasa Experian (company)
  • Brazil (country)
  • China (country)
  • Indonesia (country)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Elasticsearch (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed