A large data leak in March affected the Brazilian platform James Delivery and 13 more companies from various sectors. Altogether 132,957,579 users from around the world were exposed in a database that began to be sold by criminals in June this year for values ranging from $ 100 to $ 1,100, according to Binary Defense.
As for James Delivery, there are a total of about 1.5 million profiles, including e-mail addresses, passwords and locations.
Luís Fernando Prado, a lawyer specializing in Digital Law, Privacy and Data Protection, explained to our team that, with the General Data Protection Law (LGPD) in force, there are some actions that must be taken, provided for by the legislation – even if not necessarily apply to this situation, which would require further analysis.
“In the case of data leaks, a company needs to communicate the fact to the affected holders and explain what happened and what it is doing to minimize the consequences of this exposure. To give satisfaction. It is in the law, it is a legal obligation. In other words, studies show that companies, when they are more transparent and proactive in this communication, end up suffering less reputational damage and even in the regulatory sphere “, he says.
“If [the situation] puts people at risk, you need to notify the national data protection authority, which can open an administrative investigation to understand what happened,” he adds.