Brazilian Conglomerate Suffers 3TB Data Breach: Report

Written by

Hackers have stolen several terabytes of corporate and employee information from controversial Brazilian multi-national Andrade Gutierrez, in a raid the firm reportedly still hasn’t acknowledged.

The Belo Horizonte-headquartered giant is one of the largest engineering firms in Latin America, responsible for major projects in infrastructure, energy, oil and gas, and transport across the region.

However, a hacking group known as the “Dark Angels” claims to have stolen 3TB of emails and corporate information – including names, email addresses, passport details, payment info, tax ID numbers and health insurance information on over 10,000 employees, according to The Brazilian Report.

Hidden in multiple emails are passwords that could be used to log-in to municipal and state tax authority accounts, the report alleged. Also among the trove are blueprints to several big-name construction projects completed by Andrade Gutierrez, including ports, airports and several facilities used in the 2014 World Cup and 2016 Olympic Games held in Brazil, the report continued.

Infosecurity has not been able to confirm the validity of the 15GB dataset shared by the hackers with The Brazilian Report.

However, the breach itself is said to have occurred in September–October last year and was achieved through exploitation of a server vulnerability, which is reportedly still unpatched today.

The multibillion-dollar revenue firm, which employs over 200,000 staff worldwide, is no stranger to controversy. In 2018 it agreed to pay $381m to settle graft charges associated with the “Lava Jato” scandal, which led to the prosecution of former and current Brazilian president, Luiz Inácio Lula da Silva.

An Andrade Gutierrez spokesperson told Infosecurity that it would not be commenting on the matter.

What’s hot on Infosecurity Magazine?