Data from policyholders from the National Social Security Institute (INSS) were leaked after a security breach in the Dataprev system, a state-owned data processor for the federal government. The problem on the platform occurred on April 22, and was reported to the National Data Protection Agency (ANPD) by the INSS itself, which confirmed the leak this Thursday (21).
The data leak was revealed by the Folha de São Paulo newspaper and was not yet public knowledge. The INSS did not inform the number of policyholders whose data was exposed. According to a note from the institute, the information is still being consolidated by Dataprev.
What INSS and Dataprev say
In the note, the INSS says that the situation was identified quickly and measures were taken:
“The incident was identified by Dataprev on April 22nd, with the necessary measures adopted on the same date. When the INSS became aware, a communication was sent to the National Data Protection Agency (ANPD) within the due period.”
The INSS also reported that 97% of the data leaked are from deceased people and around 50,000 refer to insured people without a death record.
Continues after advertising
Servers speak privately that the problem affected around two million people. The INSS pays a population of almost 42 million people every month, including assistance benefits.
The INSS stated, however, that there were no new benefits or fraudulent loans granted as a result of the leak. He claimed that several locks were provided to increase the system’s security, such as the use of facial biometrics, for example.
“The granting of any benefit has a series of security locks. The INSS has reinforced its internal controls in order to offer greater security for the analysis of its benefits”, says the note.
When contacted, Dataprev said in a note that “it maintains continuous monitoring and carries out permanent analysis of information security events”.
