Brazil insurer breached

Brazilian insurer Suporte Vitória Seguros had about 851MB of data exfiltrated after an exposed Docker/VNC instance, with leaked material said to include RG/CPF IDs, credit cards, credentials and corporate files. (x.com) The threat actor calling itself 'shight_hoe' claimed a poor NAS configuration enabled the exposure. (x.com)

A Brazilian insurance broker, Suporte Vitória Seguros, was named in a leak post that said 851 megabytes of company and customer data had been stolen after a remote-access system was left exposed. (x.com)

The post, flagged by VECERTRadar, said the exposed service involved Docker and Virtual Network Computing, or VNC, a tool that lets someone control another machine’s screen, keyboard, and files over the internet. MITRE says attackers use VNC to remotely operate compromised systems and collect data. (x.com) (attack.mitre.org)

The actor using the name “shight_hoe” said a poorly configured network-attached storage device helped enable the exposure, and the leak description said the files included Brazilian identity numbers, payment-card data, credentials and internal corporate material. The claim was visible in the same VECERTRadar post, and no independent public forensic report was available in the sources reviewed. (x.com)

Suporte Vitória Seguros presents itself on its website as a Brazilian insurance broker with more than 30 years in the market, focused on fleet, cargo, auto, life and business insurance. The company lists a WhatsApp contact, phone number and email address on its public site. (suportevitoriaseguros.com.br)

VNC is screen-sharing software, and Docker is software used to run applications in isolated containers, like separate boxes on the same server. When either remote access or storage is exposed to the open internet without tight controls, an intruder can move through files and systems without needing a physical device. (attack.mitre.org)

In Brazil, companies that confirm a personal-data security incident with relevant risk or damage to individuals can be required to notify the National Data Protection Authority, known as the Autoridade Nacional de Proteção de Dados, within three business days. The authority’s guidance says the reporting channel is for data controllers, and its 2024 rule covers incidents involving financial data, large-scale datasets and authentication credentials. (gov.br 1) (gov.br 2)

Suporte Vitória Seguros also publishes a privacy policy on its site, which says the company respects user privacy in information collected through its website and other sites it operates. A public statement from the company about the alleged breach was not found in the sources reviewed for this thread. (suportevitoriaseguros.com.br)

If the leaked files are authentic, the practical risk is identity fraud and account takeover, because Brazilian Cadastro de Pessoas Físicas numbers, login credentials and card data can be reused well beyond the original breach. The next concrete test is whether the company confirms the incident and whether Brazil’s data-protection authority or affected customers are formally notified. (x.com) (gov.br)
