On April 24, XP Inc. informed its clients about a data breach involving unauthorized access to a database hosted by an external provider. According to the company, basic registration and financial information—such as names, emails, phone numbers, account balances, and credit limits for March—were compromised. XP emphasized that no sensitive data like passwords, CPF numbers, biometric information, or credentials enabling financial transactions were exposed. The company acted promptly to block the unauthorized access and assured that none of its internal systems were affected.

XP also warned clients to be cautious about potential scams involving the leaked data and advised against taking any action in the app based on phone calls claiming to be from the company. The firm reassured that its apps and websites remain secure, with no need to change passwords. The incident highlights the critical role of third-party risk management in personal data processing, in line with Brazil’s General Data Protection Law (LGPD).

*

share

LinkedInFacebookTwitterWhatsApp
*

serial content

client alert | memorandum articles

Know more about the Privacy and Data Protection content we have produced

read more

newsletter

Subscribe our newsletter and receive first-hand our informative

    For more information on how we handle your personal data, see our Privacy Policy.
    contato@camposthomaz.com
    *

    R. Funchal, 551, conjunto 51
    Vila Olímpia, São Paulo – SP
    04551-060

    11 3044-4906

    © Campos Thomaz Advogados privacy policy