Last week was eventful for cybersecurity. A huge data leak happened in a Brazilian fintech; records about 30 million clients were exposed. The AI platform leaked personal information and chat history, including sensitive documents. In order to address cybersecurity issues, the UAE launched the National Cybersecurity Strategy.

A severe data leak happened in Brazil. Criminals exposed sensitive data of some 30 million customers of fintech Neon. According to the official statement, the fintech is aware of alleged unauthorized copying of data with the attempted extortion, the investigation in progress, and all necessary security measures are implemented.

Journalists report that criminals exfiltrated a large trove of data, including purchase history, Pix transaction history, and personal information. The list includes such data as:

• Full name
• Contact information
• Financial information (income, balance, etc.)
• Bank client photos and images of documents.

Neon stated that stolen information doesn’t expose clients’ accounts, and criminals won’t be able to carry out financial transactions. Nonetheless, leaked data can be used for different scams like phishing, opening fake accounts, different fraud schemes, etc. This breach caused major reputational damage to Neon Bank, which just reached the point of financial equilibrium and started to make a profit.

The ANPD - National Data Protection Authority - can impose sanctions such as fines of up to 2% of the company's turnover, limited to R$50 million (around US$10 million) per infraction, warnings and orders to immediately correct the security flaws and there are cases in which there is a partial or total suspension of the database involved in the incident, which can directly impact the company's operations.

Brazil is one of the South American countries that faced the highest number of cyberattacks in 2024. The Brazilian financial sector was one of the top three targets for criminals in 2024. An average cost of a data breach was $1.36 million for a Brazilian company in the last year.

Another major data leak affected the OmniGPT AI Chatbot. Company officials hadn’t confirmed the breach, but, preliminary, information about 30,000 users and 34 million lines of chat history was exposed. Leaked data included:

• API keys
• client credentials
• links to external documents with sensitive content like financial records.

OmniGPT is an AI aggregator platform that provides access to several AI models. It has a global user base, with the majority of users from Brazil, India, the UAE, and China. It’s worth noting the majority of affected countries have enacted data protection policies. Failure to comply can lead to significant fines and regulators intervention.

The incident with OmniGPT is one of the biggest data leaks related to AI projects. If it is confirmed, the breach could spark discussions on the topic of AI security issues and the necessity to address them. Questions about the processing and storing of personal information could be raised. Are records depersonalized? How well are they protected? How long will sensitive information be archived?

As the data criminals targeted Neon Bank and the OmniGPT platform, the UAE launched the National Cybersecurity Strategy 2025 in order to develop a complex approach to cybersecurity on the state level. Dr. Mohamed Al Kuwaiti, Head of the UAE Cyber Security Council, announced the official launch of the National Cybersecurity Strategy at the World Government Summit. The strategy goal is to boost the national economy and ensure the safety of critical infrastructure.

This initiative is a part of the broader program “We the UAE 2031” vision, a national plan for the state development, with a focus on social, economic, and development projects. The plan aims to further develop the UAE’s role as an influential economic hub and major global partner. Adoption of new technologies plays an important role in the diversification of the UAE’s economy and the enhancement of economic growth.

The National Cybersecurity Strategy is aimed at addressing the security issues arising from the process of rapid digitalization and widespread adaptation of ICT innovations, especially in the areas of artificial intelligence and the digital economy. The strategy is built around 5 key pillars to ensure a secure, resilient, and robust digital environment. Al Kuwaiti emphasized that the UAE is currently developing multiple policies to address the cybersecurity issues. One of the most prominent is cryptographic policy, which will be implemented in Q1 2025.