Brazil’s Federal Police arrest alleged National Public Data hacker
The Federal Police of Brazil on Wednesday arrested a person allegedly responsible for a series of audacious data breaches targeting large international companies and U.S. government entities.
The suspect, who is known in the cybercrime underground as USDoD or EquationCorp, is allegedly the person responsible for a breach of the online background check and fraud prevention service National Public Data, exposing personal information and Social Security numbers of millions of Americans. Brazilian authorities also say the suspect is responsible for compromising the FBI’s InfraGard — a portal used by American law enforcement to share critical threat information.
The Brazilian police did not name the suspect. In August, Brazilian tech publication Tecmundo reported that CrowdStrike had given a report to Brazilian police naming a 33-year-old “Luan B.G.” as the person responsible for breaching National Public Data. Shortly thereafter, a “Luan” told HackRead that CrowdStrike had doxxed him, and he claimed responsibility for the breach.
CyberScoop confirmed “Luan” is a 33-year-old Brazilian national via his Instagram account. Brazilian police could not be reached for comment.
Brazilian authorities arrested the attacker Wednesday in Belo Horizonte, Brazil’s sixth-largest city. Authorities said the suspect was arrested “under warrants issued for past illegal data sales, specifically on May 22, 2020, and February 22, 2022.”
The data breach at National Public Data compromised 2.9 billion records, including full names, addresses, birth dates, phone numbers, and Social Security numbers. The stolen data spans at least three decades and was being sold on the cybercrime underground with server credentials for $3.5 million.
Brazilian police also say the suspect is responsible for data breaches at other entities, including Airbus and the Environmental Protection Agency.
This arrest marks another step in Brazil’s ongoing battle against cybercrime, following a successful operation earlier this year that dismantled a criminal group behind the banking malware Grandoreiro, which has defrauded victims of millions dating back to 2019.