ANPD Monitors The National Data Protection Authority (ANPD) has begun monitoring the use of facial recognition systems in ticket sales and at stadium entrances for 23 football clubs. The measure aims to ensure that the use of this technology complies with the LGPD, especially in the processing of biometric data.
The General Sports Law requires the use of facial recognition in stadiums with a capacity of over 20,000 people to increase security. Although the LGPD does not prohibit this data processing, the ANPD issued a preventive measure requiring that, within 20 business days, clubs publish detailed information about registration and biometric identification procedures on their ticket sales platforms.
Furthermore, clubs must submit Data Protection Impact Reports and justify how the processing of biometric data of children and adolescents serves the best interests of this group, ensuring transparency and protection.
Unimed Brusque Suffers Destructive Attack
Unimed Brusque was the target of a destructive cyber attack that compromised its systems and affected essential services such as exam scheduling and authorizations.
At the time of the incident, the instability specific database by industry was reported via Instagram, followed by an official statement stating that the damage had been contained. So far, there have been no posts claiming the attack by hackers.
This incident highlights the vulnerability of the healthcare sector to cyberattacks. It is therefore crucial that healthcare companies invest in robust digital security, including regular backups and continuous monitoring.
Just Cause Confirmed for Improper Access to Bank Data
The Regional Labor Court of the 2nd Region (TRT-2) confirmed the dismissal for just cause of a call center worker who improperly accessed bank accounts of public figures. The employee used his position to access confidential information why is mobile optimization important? without authorization, violating LGPD guidelines.
The improper access was detected by a monitoring system of the contracting financial institution. In the judgment, it was clear that the seriousness of the violation resulted in a breach of trust and justified the immediate termination of the employment contract.
This case reinforces the importance of strict information security policies and access monitoring in companies in the financial sector. Failure to comply with the LGPD can result in severe legal sanctions.
Florianópolis Hacker Embezzles R$6 Million from Fintech
A 21-year-old hacker was arrested in Florianópolis after embezzling R$6 million from a fintech company. The cybercriminal used betting email list advanced phishing techniques to obtain access credentials and make fraudulent transfers. The crime occurred in July 2024.
During the operation, authorities seized US$50,000 in cryptocurrency and a vehicle valued at approximately R$120,000. The investigation continues, as there are suspicions of the involvement of other accomplices.
This case highlights the growth of cyberattacks in the financial sector. Therefore, fintechs need to invest in digital security, including multi-factor authentication and real-time fraud detection.
New Yahoo Data Leak Hits 600,000 Users
Yahoo has suffered yet another data breach, exposing the personal information of 600,000 users. The database is for sale online for $100,000. Although the post does not specify the exact contents, it is common for such leaks to include usernames, encrypted passwords, dates of birth and email addresses.
The incident highlights the need for robust security practices, such as advanced encryption and ongoing vulnerability monitoring. Affected users should immediately change their passwords and enable multifactor authentication to protect their accounts.
This leak reinforces the importance of incident response policies in companies that deal with large volumes of data. Protecting user information is essential to maintaining trust and avoiding legal penalties.
The Importance of DPO as a Service in Data Protection
Cases of data leaks and cyberattacks reinforce the need for solid privacy and information security policies. To mitigate risks and ensure compliance with the LGPD and other regulations, companies and institutions must invest in specialized solutions.
DPO as a Service is an effective alternative for organizations that want to strengthen their digital security. It enables the implementation of good data protection practices, reducing risks and avoiding penalties. Having a specialized DPO not only prevents attacks and leaks, but also ensures the reliability of systems and the security of customer information.
