iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
🚨 Brazilian food delivery app iFood has confirmed that it fell victim to a data breach in December 2025, impacting 1.2 million users, which accounts for about 2% of its customer base. On June 3, the company announced that hackers accessed names, phone numbers, addresses, and CPF numbers. CPFs are Brazilian taxpayer identity documents, similar to Social Security Numbers (SSN) in the United States, used for various everyday tasks like opening bank accounts and verifying identity. Fortunately, iFood clarified that no passwords, bank details, or credit card records were compromised.
This confirmation comes after a dispute regarding the scale of the attack. On May 28, 2026, a hacker known as bacen claimed to have stolen around 43.8 million customer records from the app, threatening to leak the data unless iFood paid a ransom by June 10. However, iFood strongly denied these claims, stating they found no evidence to support such massive numbers. According to a report from Brazilian news site TecMundo, hackers are disputing iFood’s official narrative. A hacker named Harold indicated that the 1.2 million leak acknowledged by iFood is a separate security issue from December, and their larger theft might still be valid.
This incident has raised concerns about Brazil’s data protection law, known as LGPD, which governs how companies handle private data. iFood opted not to send formal alerts to affected users, explaining that under the rules of Brazil’s data protection authority, the ANPD, companies are not required to notify users if the incident does not pose a real danger or harm. iFood stated: “The incident was handled and assessed in strict compliance with the law, which waives reporting and communication when the event does not create relevant risk or damage to data holders, according to regulatory criteria defined by the ANPD.” Nonetheless, this situation is alarming, as CPF numbers are highly sought after by scammers for identity fraud.
iFood assured that its safety systems quickly addressed the issue and urged customers to only trust messages sent through its official app.