Particle.news
Download on the App Store

INSS Confirms Major Data Leak Traced to Dataprev System Flaw

The breach mostly exposed records of deceased beneficiaries while tens of thousands of living CPFs were also accessed, raising privacy and oversight concerns as authorities investigate

Overview

  • Dataprev detected the security flaw on April 22 and the INSS notified the national data protection agency before publicly confirming the incident on May 21 after a Folha report.
  • Officials and technicians say the full list of affected records is still being consolidated and media estimates place the exposure at about 2 million CPFs.
  • The INSS reports that roughly 97% of accessed CPFs belong to deceased people and about 50,000 records concern living beneficiaries whose data carry the highest privacy risk.
  • Dataprev says it blocked the IP used and added access limits while the INSS tightened controls such as facial biometrics, and both institutions report no confirmed fraudulent benefit concessions so far.
  • The delayed public disclosure has drawn scrutiny of government cybersecurity and transparency, and authorities are continuing technical and regulatory investigations to measure impact and assign responsibility.