DataBreach Logo
HomeNewsBreachesAPIAboutAccount
HomeNewsBreachesAPIAboutAccount
sus-brazil-2024

SUS Brazil Breach

Nov 22, 2024

177,959,507 rows

Added on Nov 22, 2024
Data Found in the Breach
Social Security Number
Phone Number
Other Government ID
Name
Home Address

Search the Leak

Full Name
OR
Other Government ID
Phone Number
OR
Social Security Number

What happened in the SUS Brazil Breach?

DataBreach.com Team · November 21st 2024, 7:00 pm EST

In mid-September 2024 a dark-web trader posted what it claimed was a full replica of Datasus, the national patient database that underpins Brazil’s Unified Health System (SUS). A torrent shared on 18 September advertised 177.9 million rows—effectively every living and deceased Brazilian—with CPF numbers, parents’ names, street addresses, identity-card details, SUS health-card numbers and phone contacts. Sample files matched the schema used by official SUS enrolment systems, but no government agency has yet confirmed the breach or explained how attackers might have copied such a vast trove.

Threat-intel analysts who downloaded small slices say most records were timestamped between 2015 and 2023, suggesting the data was exfiltrated recently rather than pieced together from older leaks. Because CPFs and National Health Card numbers rarely change, the cache provides ideal seed material for identity theft, prescription fraud and large-scale phishing. Within 24 hours of the post, Brazilian Telegram channels were offering CPF look-ups “while servers last,” and criminal forums were bundling the dump into combo lists aimed at banks and fintechs. Cloud-storage links hosting the 90 GB archive were still active a week later despite takedown requests routed through Brazil’s National Data Protection Authority (ANPD).

Cyber-law specialists note that if the exposure is verified, it would eclipse the country’s 2021 megabreach and mark the first time a complete national health registry has circulated publicly. Under the Lei Geral de Proteção de Dados (LGPD), Datasus operates as a “controller” of sensitive health data, so an uncontrolled leak could trigger fines of up to 2 percent of the Ministry of Health’s annual budget and force sweeping security reforms across thousands of municipal clinics that sync with the platform. Meanwhile, consumer-rights groups are urging Brazilians to freeze credit, enable multifactor authentication and treat unsolicited calls or WhatsApp messages referencing medical services as potential scams.

Recent News
Updating Story: Hacker Says He Stole Millions of Columbia University Admissions Records
Updating Story: Hacker Says He Stole Millions of Columbia University Admissions Records
6 days ago
AT&T’s $177 Million Breach Settlement: How Much Could Land in Your Pocket?
AT&T’s $177 Million Breach Settlement: How Much Could Land in Your Pocket?
18 days ago
A Closer Look at the Washington Post Email Hack
A Closer Look at the Washington Post Email Hack
22 days ago
Is Ticketmaster’s 2024 Mega-Breach Now on the Cyber-Crime Resale Rack?
Is Ticketmaster’s 2024 Mega-Breach Now on the Cyber-Crime Resale Rack?
a month ago
Exclusive: Texas Tech University Health Sciences Center El Paso Data Breach Exposes 1.4 Million Records
Exclusive: Texas Tech University Health Sciences Center El Paso Data Breach Exposes 1.4 Million Records
a month ago
Created and maintained by
For media inquiries, contact us at contact@databreach.com
Terms & ConditionsPrivacy Policy