In June 2025, researchers from the independent platform Cybernews reported a massive leak involving an estimated 16 billion login credentials, compiled from around 30 different databases. According to the team, the exposed data includes recent information and presents serious potential for large-scale exploitation. While some cybersecurity experts have questioned the accuracy of the total volume — citing possible duplication and outdated records — portions of the dataset had not been publicly identified before, and one of the largest files appears to relate to Portuguese-speaking users.
Regardless of the disputed figures, the incident reinforces a critical message: information security is a legal and regulatory obligation. Companies that store or process personal data — even if not directly linked to the breach — must reassess authentication controls, review access governance, and ensure full compliance with laws like Brazil’s LGPD. Massive exposures, even indirect ones, may trigger legal liability or regulatory scrutiny, especially if attackers exploit them through reused credentials. Legal and compliance teams should treat this case as a prompt to update preventive frameworks and strengthen incident response readiness.