Another day, another data leak. This time, the SPTrans, the company responsible for managing buses in the city of São Paulo (SP), had its system hacked. Data from 13 million users registered in the Bilhete Único system were exposed.
The incident was reported in a statement released by the company itself. According to SPTrans, this data was exposed:
- Name;
- social name;
- birth date;
- CPF;
- RG;
- address;
- phone number;
- affiliation;
- PIS;
- student enrollment;
- marital status;
- naturalness;
- sex;
- email;
- service portal login and password.
The information corresponds to the database for the month of April 2020. Despite the invasion, the Bilhete Único cards continue to work, and balances have been preserved.
What to do
System users are being informed by email of the incident, if they have a valid address registered.
It is not necessary to look for an SPTrans service station, but the company recommends that users change their password at Single Ticket websiteclicking on the “Forgot your password?” button.
It is always recommended not to use your password on more than one site, because data from a leak can be used for intrusions on different services.
If you did that, switching the other logins just in case is a good idea. In order not to repeat combinations, the best method is to use a password manager🇧🇷
SPTrans notifies authorities
SPTrans notified the National Data Protection Authority (ANPD) about the invasion. The General Law for the Protection of Personal Data (LGPD) requires that the body be informed of incidents of this type.
In addition, the Division of Cyber Crimes (DCCIBER) of the State Department of Criminal Divisions (DEIC) of the Civil Police of the State of São Paulo was communicated. SPTrans wants a criminal investigation to determine the source and authorship of the leak.
https://tecnoblog.net/noticias/2022/12/23/dados-de-13-milhoes-ficam-expostos-apos-invasao-a-sistema-da-sptrans/