Brazil’s FIESP Suffers Data Leak – Tens of Millions Exposed Drew Wilson | November 23, 2018 The Federation of Industries of the State of São Paulo (FIESP) of Brazil has suffered a leak. The size of the leak is unclear, but it appears to be over 35 million records. If you think that data leaks and breaches only occur in English speaking countries, you’d be very very wrong. There’s been another data leak. This time, it affects Brazil’s largest professional organization: the Federation of Industries of the State of São Paulo (FIESP). The organization represents over 130,000 companies, so this is by no means a small organization. So, if an organization like that suffers a data leak, there’s a risk that it could be a big one. As it turns out, this is a big one. According to ZDNet, security researcher Bob Diachenko found three databases from the organization floating around the web. While the report did not say how big the entire leak is, the largest of the three databases weighs in at a whopping 34.8 million entries. From ZNet: The records leaked included names, ID and social security numbers, as well as full addresses, emails and telephone numbers. According to Diachenko, the data was open for consultation by anyone and had been openly available online for several days. The researcher claims to have tried contacting FIESP to warn the industry body of the occurrence to no avail. After the leak was first made public by Hacken Proof on Twitter, a Brazilian follower got in touch with the organization to inform them about the data leak and only then the database went offline. In a statement, FIESP said it is “investigating the alleged access to its database by a company that claims to work in digital security,” but it has pretty much denied that anything serious has happened at all. To put the size of this leak into perspective, as of 2017, the population of Brazil is 209.3 million people. So, that one database theoretically could represent about 17% of the countries entire population. The article notes that Brazil doesn’t really have any data protection laws in place, so it isn’t very likely that there is going to be any severe repercussions. In theory, a leak this large can be big enough to spur political change. Whether or not that actually happens is unclear, though. Drew Wilson on Twitter: @icecube85 and Google+.