THE Procon of São Paulo notified the telephone operators Claro Oi, TIM and Vivo and the digital security company Psafe to provide information about the alleged data leak from over 100 million cell phones. Companies have 72 hours to respond starting this Wednesday, 17.
Teles must confirm that personal data from their bases have been leaked and, if so, explain the reasons for the incident, detail what measures have been taken to contain it and inform what they will do to repair the damage caused by the incident and prevent the failure happens again.
Psafe, which already confirmed to the press the leak of almost 103 million accounts on the dark web with sensitive information, should explain how it was informed about the data leak and what motivated it to make it public, according to Procon -SP.
Psafe reported that it was approached by a hacker who is outside Brazil and is selling the leaked data.
Procon-SP wants Psafe to clarify how the contact with the hacker who reported the leak occurred; what information was leaked; and whether the leak occurred only in the environment known as the “dark web”.
“These leaks are very serious and will allow many blows to be applied. Procon-SP is already investigating and asks people to exercise extreme caution, be wary of everything and never pass on personal data or go to websites they do not know about ”, warns Procon-SP executive director, Fernando Capez.
Teles were also asked about their personal databases – purpose and legal basis for the treatment of personal data, data disposal and storage policy – and what technical and organizational measures are adopted to comply with the provisions of the General Protection Law (LGPD).
The LGPD came into force in September 2020 to discipline the rules on the treatment and storage of personal data, to reestablish control over its information to the data subject and to protect the fundamental rights of freedom and privacy.