Dataprev, the state-owned company responsible for processing data from the National Social Security Institute (INSS), reported that the leak of data from the organization’s beneficiaries affected 2.8 million people. The information was confirmed this Tuesday (26). The problem was caused by a flaw in the security lock on the “Meu INSS” platform on April 19, but it only became public last week.
At the time, Dataprev did not inform the total number of people involved, claiming that the incident was still in the investigation phase. Government technicians privately estimated that the leak had affected 1.5 million people.
The INSS reported, in a note, that 97% of the data leaked are from deceased people and around 50,000 refer to insured people without a death record. Dataprev reported this Tuesday that 98.19% of the accesses carried out were data referring to deceased people.
The data leak was revealed by the newspaper Folha de São Paulo and only confirmed by Dataprev and INSS last week.
What the parties say
When contacted, the agencies stated that they took immediate action after improper identification of accesses. The National Data Protection Agency (ANPD) was also quickly contacted.
The INSS explained that the accesses did not result in the granting of new benefits or fraudulent loans. He also claimed that the agency has adopted several locks to increase the system’s security, such as mandatory use of facial biometrics, for example.
Continues after advertising
“The granting of any benefit has a series of security locks. The INSS has reinforced its internal controls in order to offer greater security for the analysis of its benefits”, says the note.
Experts, however, classify the incident as serious because data from almost three million people was stolen and could be used by criminals. The INSS database contains various information, such as links and affiliations, in addition to CPFs.
“As an additional protection measure, Dataprev implemented new security controls with access limits”, informed Dataprev.
