contador web Skip to content

Government of So Paulo Confirms Leak of ProAC Subscriber Data | Security

A security breach exposed personal data from more than 28,000 applicants from the So Paulo State Cultural Action Program (ProAC). The breach in the ProAC website, discovered by the Congress in Focus website and unveiled on Thursday (24), allowed access to information such as identity copies of 2015 through 2018 applicants from 2019 were unaffected by the failure. According to the website, the problem was detected by the report on Monday (21), but at the time of publication of the matter the personal documents of the candidates were still available on the Internet. Addresses disclosing the data were only blocked after the announcement of the leak.

READ: 800 million data leaks over the Internet; see how to protect yourself

In a note to the Congress in Focus, the Secretariat of Culture and Creative Economy of the State of So Paulo explained that a technical error occurred during the previous management of the body, and that the case should be investigated. ProAC is a culture incentive program for the production of small projects. Interested parties may apply for notices to request investments. THE dnetc contacted the Secretariat of Culture, responsible for ProAC, which confirmed the leaks. Full positioning is at the end of the text.

Data such as CPF tax ID and ProAC subscriber identity were available on the Internet. Photo: Nicolly Vimercate / dnetcData such as CPF tax ID and ProAC subscriber identity were available on the Internet. Photo: Nicolly Vimercate / dnetc

Data such as CPF tax ID and ProAC subscriber identity were available on the Internet. Photo: Nicolly Vimercate / dnetc

Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc

According to the Focusing Congress, the failure exposes the documents submitted by candidates at the time of enrollment in ProAC edicts. The security breach is the assignment of an identifying number to data (such as cultural project proposals and personal information) saved on the platform. The code is sequential and predictable, so that addresses can be generated to download data such as proof of residence, copies of identity and project proposals, the documents required at the time of registration. Simply change the sequence to access candidate information. That way anyone could access this data on the ProAC website itself.

In addition, according to the focus of Congress findings, more than 56,000 active links were detected at the time the security breach was discovered on Monday (21). The State Department of Culture was notified of the same day vulnerability, but returned contact only after the first report on the journalistic website was published. THE dnetc He also contacted the agency and received the same note sent to the Focus Congress. In the text, the Secretariat informs that it will investigate the case of technical error, and has already blocked external access to documents at the time it found the failure.

"The Secretariat of Culture and Creative Economy regrets that a technical mistake made by the previous gesture exposed personal data of bidders registered in ProAC's pre-2019 editions. As soon as informed of the fact, the Secretariat immediately blocked access to the data and adopted a series There was no disclosure of personal data relating to ProAC 2019. Pasta notified the company responsible for the system and, by determination of the secretary, opened a preliminary procedure to identify any system failures. , opened an investigation to establish responsibility for the episode. "

Via Focus Congress (1 and 2) and Folha de S Paulo

How to consult CPF in Serasa; free app works on mobile

How to consult CPF in Serasa; free app works on mobile