A major cybersecurity breach has targeted Brazil's Receita Federal, with cybercriminals claiming to have stolen over 1 billion unique records belonging to 248 million individuals and companies. The leaked database reportedly contains sensitive personal and corporate data, including CPFs, CNPJs, email addresses, phone numbers, and physical addresses. Hackers are currently offering the entire dataset for sale on underground forums for the relatively low price of $1,300.
The threat actors allege they gained access by exploiting a vulnerability in an outdated system that remains unpatched. While the Receita Federal has not officially confirmed the breach, authorities are already conducting investigations into the authenticity of the sample data provided, which includes maternal names and specific CNAE codes for businesses. This incident highlights the persistent risks associated with legacy infrastructure in government institutions.
