BRPDV Data Breach: 542K Brazilian Invoices and Customer Records Leaked
Brazilian company BRPDV Ltda. suffers data leak of 542K invoices and customer records after failed extortion.
Summary
A threat actor known as an0bixz has publicly released a dataset containing 542,675 fiscal documents and customer records from Brazilian company BRPDV Ltda. The leak occurred after an extortion deadline reportedly expired without payment. The exposed data includes sensitive information such as CPF/CNPJ tax IDs, names, addresses, contact details, and masked bank references, posing significant risks of identity theft and fraud.
Full text
Data542K docs / 19 GB PriceFree leak CountryBrazil Actoran0bixz ▣Post details TargetBRPDV Ltda. (brpdv.com.br) CountryBrazil SectorRetail / Commerce ClaimFull dataset leaked after failed extortion Data542,675 fiscal documents (~19 GB) ObservedJun 5, 2026 PriceFree leak (failed extortion) Actoran0bixz !Allegedly exposed 542,675 fiscal documents (claimed) Customer CPF / CNPJ tax IDs Full names & addresses Phone numbers & emails Product, pricing & invoice totals Payment methods & masked bank refs Internal cost centers & profit margins Supplier lists & client documents ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If genuine, a leak of 542,000+ invoices containing CPF/CNPJ national tax IDs, names, addresses, contact details, and even masked bank references would expose both BRPDV's customers and its internal business operations (cost centers, margins, supplier lists) to identity theft, fraud, and competitive harm. CPF and CNPJ are core Brazilian identifiers, which makes the customer data especially sensitive. Because it is a free public release following a failed extortion attempt, the data is likely to spread widely. iStatus Unverified The dataset was published for free on an underground forum after the actor's extortion deadline reportedly passed without payment; the download links, file hash, and the company's direct contact details are not reproduced here. The claim has not been independently confirmed and BRPDV has not publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE