A data breach involving Brazil’s Work Accident Communication (CAT) system has been reported.
The breach, disclosed by a member of BreachForums, involves 88 GB of data containing over 39 million user records.
This includes sensitive information such as names, work phone numbers, employee names, dates of birth, CTPS numbers and series, CPF numbers, CBO numbers, phone numbers, and email addresses.
The compromised database is linked to the platform http://cadastro-cat.inss.gov.br, which is used for managing work accident communications in Brazil.
Implications of the Data Breach
According to the post from FalconFeeds.io, the leaked information exposes millions of individuals to risks such as identity theft, fraud, and phishing attacks.

Sensitive data like CPF (Brazilian taxpayer-identification numbers) and CTPS (work card details) are particularly concerning since they can be exploited for financial fraud or unauthorized access to personal accounts.
Furthermore, the scale of the breach highlights vulnerabilities in the data protection practices of organizations handling sensitive information.
Legal Framework and response
Brazil’s General Data Protection Law (LGPD) mandates strict measures to protect personal data from unauthorized access, loss, or communication.
Under LGPD guidelines, organizations must notify the National Data Protection Authority (ANPD) within two working days of becoming aware of a breach that poses risks to affected individuals.
Additionally, affected users may need to be informed if the breach leads to significant harm.
Failure to comply with LGPD provisions can result in severe penalties.
These include fines of up to 2% of a company’s revenue in Brazil (capped at R$50 million per infraction), warnings, or even suspension of data processing activities.
The ANPD’s updated breach reporting guidelines emphasize internal assessments and timely notifications to mitigate risks.
Broader Context: BreachForums’ Role
BreachForums has been a hub for trading stolen data from various breaches worldwide.
Despite law enforcement crackdowns and its founder’s arrest in 2023, the platform remains active under different iterations.
This incident underscores the persistent threat posed by cybercriminal forums in facilitating large-scale data leaks.
Recommendations for Affected Individuals
- Monitor Accounts: Regularly check bank accounts and online profiles for unauthorized activity.
- Strengthen Security: Use strong passwords and enable multi-factor authentication.
Also Read: