Brazil
Commerce
BRPDV Data Breach: 542K Brazilian Invoices and Customer Records Leaked
A threat actor using the alias an0bixz has publicly released what they claim is a full dataset stolen from BRPDV Ltda., a Brazilian company (brpdv.com.br), after an extortion deadline reportedly expired with no payment. The leak advertises 542,675 fiscal documents (Brazilian NF-e/NFC-e invoices, about 19 GB uncompressed) containing customer CPF/CNPJ tax IDs, names, addresses, contact details, and internal company financial data. The claim is unverified and BRPDV has not publicly addressed it.
Brazil▣Post details
Brazil!Allegedly exposed
- 542,675 fiscal documents (claimed)
- Customer CPF / CNPJ tax IDs
- Full names & addresses
- Phone numbers & emails
- Product, pricing & invoice totals
- Payment methods & masked bank refs
- Internal cost centers & profit margins
- Supplier lists & client documents
◱Screenshot
⚠Potential impact
If genuine, a leak of 542,000+ invoices containing CPF/CNPJ national tax IDs, names, addresses, contact details, and even masked bank references would expose both BRPDV's customers and its internal business operations (cost centers, margins, supplier lists) to identity theft, fraud, and competitive harm. CPF and CNPJ are core Brazilian identifiers, which makes the customer data especially sensitive. Because it is a free public release following a failed extortion attempt, the data is likely to spread widely.
iStatus
UnverifiedThe dataset was published for free on an underground forum after the actor's extortion deadline reportedly passed without payment; the download links, file hash, and the company's direct contact details are not reproduced here. The claim has not been independently confirmed and BRPDV has not publicly addressed it.
DARK WEB INFORMER - THREAT INTELLIGENCE
