Impact & Downstream Threats
This breach carries critical risk due to the nature of exposed data fields and the scale of affected records.
- Identity theft and synthetic identity construction using government-issued IDs
Breach Intelligence
Executive Summary
On 20 January 2021, Brazilian cybersecurity firm , PSafe, uncovered a dataset holding the personal records of more than , 220 million people, being traded on a dark-web forum, instantly marking the event as the , largest data breach in Brazil’s history, .,
, The leak—roughly , 1 TB, of compressed files—contained names, dates of birth, , CPF tax numbers, , addresses, phone numbers, email addresses, salary ranges, credit scores and even facial images. A second collection exposed data on , 40 million Brazilian companies, , complete with CNPJ identifiers and estimated revenues, suggesting the trove was assembled from several compromised sources over many months.,
, The threat actor posted two sample files and advertised the full package for , US $40,000 in Bitcoin, , offering buyers a searchable web panel. Screenshots showing live CPF look-ups spread quickly across social media and mainstream outlets, amplifying public outrage and drawing regulators’ attention.,
, Because many leaked fields mirror those collected by the credit-reporting sector, suspicion soon focused on , Serasa Experian, , the São Paulo arm of global bureau Experian. In , February 2021, the company confirmed it was investigating but reported “no evidence” that Serasa’s systems had been breached after a detailed forensic review by external specialists. No organisation has yet been proven liable for the compromise.,
About Serasa Experian
Brazilian credit bureau and analytics company.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 223.7M records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In January 2021, Serasa Experian experienced a data breach that exposed approximately 223.7M records containing personal information.
The exposed data includes fields such as full name, ssn.
Approximately 223.7M records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Serasa Experian
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam