Brazilian insurance giant Porto Seguro hit by cyberattack

The incident caused instability to the company's systems and customer service channels.
Written by Angelica Mari, Contributing Writer

One of Brazil's largest insurance groups, Porto Seguro, has reported it suffered a cyberattack that resulted in instability to its service channels and some of its systems.

The company reported the incident to the Securities and Exchange Commission (CVM) on Thursday (14), saying that it "promptly activated all security protocols" and that it has been gradually restoring its operating environment and working towards resuming normal business as soon as possible.

Porto Seguro did not disclose any further details in relation to the type of attack it has suffered but noted that so far, no data leakage had been identified in relation to the company or its subsidiaries, customers or partners, including any personal data.

The third-largest insurance company in Brazil, Porto Seguro leads the car and residential insurance segments in Brazil and has around 10 million clients across its various business lines, including credit provision. The company is headquartered in São Paulo, with subsidiaries in Brazil and Uruguay employing more than 13,000 staff.

The company is the latest of a list of major Brazilian organizations suffering major security incidents over recent weeks. Earlier this month, CVC, one of the country's largest travel operators, was hit by a ransomware attack that brought its operations to a standstill.

Since the attack, reported to CVM on October 2, the company has a banner on its website stating that it has been hit by a cyberattack and that it is "working diligently to mitigate the impact of the incident and ensure business continuity." At the time of writing, the CVC's investor relations page, where updates on the incident would have been published, was unavailable.

Prior to CVC and Porto Seguro, other major Brazil companies targeted by cybercriminals included retail chain Renner, a victim of a ransomware attack that compromised its e-commerce platform for three days in August.

Security teams are in place in less than a third of Brazilian organizations, even though most businesses frequently suffer cyberattacks, according to research published by Datafolha Institute on behalf of Mastercard and published in June. The study has found that financial services, insurance, and technology and telecommunications are among the most prepared in terms of cybersecurity readiness. Conversely, the education and healthcare sectors are the most vulnerable.

According to a separate study, also carried out by Datafolha Institute and published in July, the fear of cyber attacks is high among Brazilian users. The research aimed at measuring the level of concern regarding consumers' security within data and information exchange environments, and it found that only 13% of those polled consider their data to be very secure. In comparison, 21% consider their data to be insecure.

In September, the banking sector started discussions with the Ministry of Justice around the creation of a strategy to address crime in digital environments. Goals under the strategy would include the expansion of the set-up around identifying and repressing actors responsible for cybercrimes, as well as the promotion of permanent cooperation between the public and private sectors on the matter and public awareness campaigns on cyber risks and fraud.

Editorial standards