- Total Records223,739,215
- Unique First Names137,158,425
Serasa Experian Data Breach: What Happened in December 2020?
In late 2020, Serasa Experian, a major credit analysis company in Brazil, suffered a data breach of unprecedented scale. This incident exposed highly sensitive information associated with over 223 million individuals—more than the country’s entire population. On December 1, 2020, extensive personal data, including CPF numbers (the Brazilian individual taxpayer registry), full names, genders, and birth dates, became accessible through illicit means. The breach created significant concern amongst Brazilian citizens and authorities alike, given the critical nature of the data involved and the size of the population affected. Serasa Experian’s role as a central provider of credit analysis services meant that the leaked information spanned individuals from all walks of life, with lasting implications for privacy and personal security.
What information was exposed in the Serasa Experian breach?
The compromised database included full names, CPF numbers, birth dates, and gender information of nearly every Brazilian adult. These fields are not just basic identifiers, but are fundamental to identification and verification processes in Brazil, making the exposure particularly sensitive.
How many people were affected by the Serasa Experian leak?
The breach affected 223,739,216 personal records, a number that even exceeds Brazil's recorded population due to duplicate entries and historical data. This means that essentially anyone with a CPF number, including deceased individuals, was potentially included in the exposed dataset.
Timeline of the Serasa Experian breach
The breach was first discovered in December 2020, when large data packages began circulating on cybercrime forums. It’s believed the intrusion occurred near the start of that month. Public awareness and government investigations quickly followed as reports of the leak escalated, and the breach remains one of the largest incidents of personal data exposure in Brazil's history.
Who was behind the Serasa Experian data breach?
As with many large-scale data breaches, concrete attribution is challenging. Initial signs pointed to coordinated cybercriminal activity on dark web forums, but no clear individual or group has been officially identified or charged in direct connection to the breach. Law enforcement and regulatory authorities continue investigations.
FAQ about the Serasa Experian Data Breach
What data was leaked in the Serasa Experian breach?
The exposed data included full names, complete birth dates, CPF numbers, and gender information for over 223 million individuals.
When did the Serasa Experian data breach happen?
The breach occurred and was discovered in December 2020, with the first signs reported on December 1st.
How many Brazilians were affected by the Serasa Experian leak?
The breach involved 223,739,216 records, meaning virtually every Brazilian citizen was likely included in the compromised database.
What is a CPF number and why is its exposure significant?
A CPF number is the Brazilian individual taxpayer registry, widely used as a key identifier in banking, commerce, and government services. Exposure of CPF numbers puts individuals at heightened risk of fraud and identity misuse.
How can I check if I'm in the Serasa Experian breach?
You can check if your information was part of the Serasa Experian breach by utilizing the DeHashed search engine.