Bradesco announced that its subsidiary Bradesco Financiamentos detected a data leak on approximately 53 thousand customers. The company reported that a minor incident was found that may have allowed unauthorized viewing of customer contracts.
“All the necessary measures for the solution of the incident, as well as communication to customers and the competent authorities, have been adopted,” the bank said in a statement sent to the Reuters news agency.
Bradesco also informed that the possible leak did not jeopardize the integrity of access to customers’ transactional systems.
“Unfortunately, the leakage of personal data by financial institutions is increasingly common and recurrent. They usually claim that the leaked data is registration data and that it is not data that could compromise the owner or that has some level of problematic risk for customers and users in terms of access or financial transactions. This minimizes the negative impact on the leak news, but does not remove the real damage and the assumption that it did not create risk for customers. We were able to understand the level of protection that banks invest in the issue of their password portals to prevent theft from happening, but it is clear how they leave the security of registration data in the background. This increases the frequency of unauthorized persons gaining access to data or customers being exposed to a vulnerability. Showing the level of risk and low effort of institutions in terms of end-to-end security”, says Thiago Cabral, specialist in Digital Security.
According to him, the registration data has high value for the black market: “They are a gold mine for criminals to carry out digital scams, as has happened very often. One of the reasons that WhatsApp, email and sms attacks and scams are growing is probably related to these types of personal data leaks, as crooks take advantage of access to this information to build and apply various formats of scams. In the case of Bradesco’s data leak, the scammer could have access to the contractual data and with which they could contact the victim or client, posing as a representative of Bradesco itself or a financial institution saying that it is aware that the victim has some type of financing in progress offering attractive discounts to pay on the spot, which can be via PIX, deposit, etc. With this, victims can be easily deceived, as criminals have much more credibility in their speeches precisely because they have access to this previously leaked information. Therefore, the leakage of this data does represent a gigantic risk for the bank’s users and customers and, therefore, banks need to be penalized in this regard”.
“The General Data Protection Law LGPD makes it clear that institutions must guarantee and care for this data. Something that is not happening. Now, obviously, an investigation will be carried out to find out what really happened, if it was due to some negligence on the part of the bank of not really following the appropriate security standards or if it was a case of force majeure, such as a third party that leaked the information, for example. But this will be evaluated, because the bank can be punished according to the rules of the LGPD.
For the user and customer who had their data leaked, our recommendation is that they really stay tuned and take care with suspicious contacts, whether by emails, sms, WhatsApp, phone etc, requesting data and asking for access to accounts. , asking to change passwords, because really, when you have some data leaked, the probability that this will happen and that you will suffer some kind of scam is quite high. Therefore, be suspicious and avoid passing data that you consider important to anyone remotely or who is not sure that it really is the bank in which you have an account. Look for ways and make sure that it is a real contact or a beginning of a coup”, completed Cabral.
C6 Bank customers divert BRL 23 million after system failure
Recently, C6 Bank customers took advantage of a possible system failure to divert the amount of R$23 million from the CDB Crédito product. Now, the Civil Police of São Paulo is investigating the case that benefited about 5,000 account holders of the bank, most of whom are residents of Baixada Fluminense, in Rio de Janeiro.
The fraud information was disclosed by Veja, which reported that there are different lines of investigation. One in which the police find out if the coup was planned by a criminal organization and another in which the agents suspect that the problem was discovered and one passed the information to the other.
The scam was committed by existing account holders and on unique smartphones, which drew a lot of attention to the case. The deviations occurred in specific points of the communities of Rio de Janeiro and even though the Justice blocked the account of all those involved, getting the money, all the people have some kind of debt in the bank.
Have you watched the new videos on YouTube from Olhar Digital? Subscribe to the channel!