
Alleged Brazil FGTS Database Put Up for Sale

Yesterday, user Sorb posted on the cybercrime forum “breachforums” an offer to sell an alleged database containing sensitive information from Brazil’s Fundo de Garantia do Tempo de Serviço (FGTS) system.

FGTS is a mandatory savings account system for Brazilian workers, managed by Caixa Econômica Federal. It contains extensive personal and financial data of millions of Brazilian citizens.


According to screenshots of the forum post, the database allegedly contains more than 39 million records with detailed personal information, including full names, phone numbers and documents, birth dates, and addresses of Brazilian citizens.

A sample JSON record shared in the post reveals the extensive nature of the data, including benefit details, loan information, and banking data. If authentic, this leak would represent a massive privacy breach for millions of Brazilians.

The seller claims that the database is being offered for US$1800 (about R$10,000 at today’s exchange rate), with the option of using an escrow service, in which a forum moderator or administrator mediates the sale and guarantees both the data and the payment.

It’s crucial to note that we cannot confirm the legitimacy or origin of this data. However, the mere possibility of such a breach highlights critical cybersecurity concerns:

  • The potential for large-scale identity theft and financial fraud targeting Brazilian citizens.
  • Questions about the security measures in place to protect sensitive data held by the government.
  • The ongoing challenge of protecting large databases containing personal information.

After analyzing the provided sample file, we can extract the following observations:

Data Structure: The file contains a significant number of columns, indicating a comprehensive dataset. The information includes personal, financial, and benefit details.

Personal Information:

  • Full name
  • Date of birth
  • Document number (possibly CPF)
  • Complete address, including street, city, state, and ZIP code
  • Phone numbers (in some cases, multiple numbers)
  • Calculated age

Benefit Details:

  • Benefit number
  • Benefit type
  • Benefit amount
  • Paying agency
  • Benefit start date

Banking Information:

  • Bank code
  • Branch number
  • Account number (in some cases)

Loan Details:

  • Loan amount
  • Discount start date
  • Discount end date
  • Number of installments
  • Installment amount
  • Loan type

Sample File Characteristics:

  • Records appear to be primarily of older people, with many birth dates in the 1950s and 1960s
  • Most records are from the state of Alagoas (AL), suggesting it might be a regional subset of the complete database
  • There are various types of benefits, including retirements and possibly disability benefits

Security Implications:

  • The combination of detailed personal information with financial data represents a significant risk for identity and financial fraud
  • Phone numbers and complete addresses make victims vulnerable to targeted phishing attacks and other forms of social engineering
  • Loan information could be used to create sophisticated fraud schemes, exploiting knowledge of victims’ existing financial terms

This incident serves as a stark reminder of the importance of robust cybersecurity measures for critical infrastructure and government systems. It also highlights the need for continued vigilance in protecting personal data in an increasingly digital world.

More Information About User Sorb:

This actor appears to be a diversified participant in the illegal trade of sensitive information, with a series of recent posts offering data from various regions of the world.

Sorb’s geographic scope is notable, covering countries such as Brazil, India, Malaysia, and Indonesia. This distribution suggests a global network of sources or significant capability to exploit vulnerabilities in diverse systems. Particularly alarming is the scale of the advertised leaks, ranging from hundreds of thousands to hundreds of millions of records, indicating massive data compromises.