Data leakage - Risk and Impact
The digital age brings undeniable advances for communication and transactions at a distance. On the other hand, it requires serious measures for data security.
The cyber attack that occurred in Brazil in January this year, in which 40 million CNPJs and 223 million CPFs (including those of deceased persons), along with registration data, economic, tax and social security data, social media profiles, credit scores and photographs, were left vulnerable, illustrates well what can happen when sensitive information leaks. The attack took place in the zone of the internet known as the dark web, the most sinister part of the harmful deep web, with its domains focused on criminal practices. Although such attacks happen worldwide, Brazil appears as one of the countries most exposed to risks that increased significantly during the pandemic, with the shift to working from home and the growth of electronic commerce.
The extent of a data breach can sometimes be determined quickly, but that is not the rule. Days of investigation are needed to find out whose data, and how much of it, has been compromised in terms of citizens' privacy and security. During this period, the information obtained can be sold and citizens exposed to other types of theft and fraud. In the corporate world, in addition to financial losses, a data breach can compromise the image, reputation and credibility of the company and lead to lawsuits, investigations and employee layoffs, all of which affect the progress of the business. For experts in digital law, data leaks can have an impact for many years and are unlikely to be reversed. The difficulty of producing evidence in court also makes it imperative to investigate who is responsible for the damage caused and to punish those involved in an exemplary manner.
In the face of increasingly frequent attacks, experts warn that users must adopt an attitude of awareness and prevention. Users need to know how to respond to calls, emails and messages that request information and personal data. As for companies, in addition to raising awareness and training teams, it is necessary to invest in information security. The security policy should detail the company's asset and data protection procedures and be continually updated. The company must adopt a term of responsibility under which employees commit to complying with specific rules. It is important that companies also have an action plan against possible leaks that covers: business impact analysis; a survey of recovery methods; mapping of confidential and critical data; protection actions; mapping of the risks of the IT structure; and constant monitoring of data breach legislation.
In Brazil, the new General Data Protection Law (LGPD), enacted in September 2020, aims to provide greater security to personal information, forcing companies to create barriers that limit hacker attacks, which is not a simple task. Technological resources have not been sufficient to curb the attacks that continue to take place, but the existence of a specific data protection law is seen as an advance.
Research by the digital security company ClearSale indicates that attacks on online retail in Brazil increased by 53.6% in 2020 compared to 2019.
