SPTrans: almost 37 million sensitive data exposed
SPTrans is the company responsible for the operation of public transport in the capital of São Paulo, having a gigantic database and information. Now, imagine if a breach in the security of that organization were made public, available to cybercriminals? It would be a great disaster! And that is exactly what happened. On August 8, 2020, a report was made public about a flaw in the company's security system, where anyone could access the sensitive data of the users of the single ticket - card used to pay for transportation. The exposed data contained: photos and registration data (CPF and RG), full physical address, affiliation, sex, telephone, date of birth, place of birth and marital status of almost 37 million users . This failure, in addition to undermining the integrity, availability and confidentiality, which are basic principles of information security, violates the requirements of the LGPD - General Data Protection Law , which determines the obligation of companies to guara...