Summary
Key Points:
- iFood has confirmed a data breach affecting 1.2 million users, with compromised data including names, phone numbers, addresses, and CPF numbers.
- The breach poses risks of identity fraud due to the nature of the stolen CPF numbers; however, no passwords, bank details, or credit card records were accessed.
- iFood has not notified affected users as per Brazil’s LGPD regulations but urges customers to remain vigilant against potential scams.
Technical Details: The breach occurred in December 2025 and was publicly acknowledged on June 3, 2026. While a hacker claimed to have stolen 43.8 million records, iFood disputes this figure and maintains that the incident is isolated.
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned
Join the discussion — sign up to comment, upvote, and save articles.