The Saga of Personal Data Theft


Last September, the PJ, in collaboration with the FBI, dismantled an online scheme of buying and selling personal data, whose server was hosted in Portugal.

Indeed, protecting personal data in an increasingly digital world can be challenging, especially when cyber attacks are increasingly sophisticated and recurrent.

The case that caught the world’s attention last month concerned a website, called WT1SHOP, which illegally made available about six million personal data and information such as names, addresses, bank account details, bank cards, access credentials to sensitive data, among other records.

In parallel to the site, there was also a forum with more than 100,000 users who, through payments in virtual currency, bought and sold personal information.

The dismantling of this group was carried out by the National Unit for the Fight against Cybercrime and Technological Crime (UNC3T) and the Unit of Technological and Informatics Expertise (UPTI). Also, according to the PJ’s statements, this activity generated revenues of around 4 million dollars.

In the same vein, TAP was also the target of a cyber-attack, where the data of more than 100,000 people was made public.

This saga of credential and personal data theft has increased individuals’ concern and distrust when providing private information.

At the enterprise level, Microsoft reveals that 54% of IT leaders have noticed an increase in Phishing attacks via email.

Email is one of the main communication tools and one of the most important and used by organizations and, is therefore, a fertile environment for the spread of threats. 

The truth is, not all malicious emails go to waste or spam. Hackers have been increasingly bold in their strategies to steal information, creating ways to make fake emails more enticing through social engineering, to the point where a single bad click can compromise an entire company.

An email attack may expose personal information of customers and employees, block documents, lead to financial losses and loss of credibility in the market, among other problems that may jeopardize the business and the company’s trust among others. On top of that, the Portuguese business fabric is mostly composed of small companies that usually have greater difficulty not only in perceiving the risk of malicious cyber activity, but also in preparing to deal with possible virtual attacks, such as malware variants.

All the parts that make up an email are alert factors and, as already mentioned by ActiveSys, there is no 100% effective protection. However, experts argue that the best strategy is to approach protection from an awareness point of view.

A study conducted by F-Secure reveals that employees are, in fact, increasingly aware and able to identify Phishing in their inboxes, constituting a breakthrough in terms of organizational awareness, a key point since reports state that one of the entry points of viruses is undoubtedly the uninformed workforce about cyber dangers.

Also in the same report, almost 60% of users say they report emails after checking for a suspicious link, incorrect senders, unreliable attachments or suspected spam. Spam which, according to data released by Cisco, in October 2021, more than 83% of email traffic globally was, in fact, spam.

Finally, an ESET study, Threat Report T1 2022 concluded that in Portugal, personal data theft malware grew 57.5%, a country where this phenomenon is more pronounced, despite being on the rise globally. “The growth of these threats reinforces the urgent need for organizations and users to protect their data and all their digital activity”, stresses Ricardo Neves, Marketing Manager at ESET Portugal.

We are living in the data era and this issue of credential theft is reflected in a problem of trust that is a determining factor in the purchasing decisions of any consumer, whether physically or online. It is therefore essential to ensure cybersecurity and contribute to digital literacy.

In order to contribute to raising awareness on this subject, and being October the month dedicated to cybersecurity awareness, we provide some tips for you to protect yourself from these massive thefts that we have been witnessing:

  • Use strong passwords and change them regularly;
  • Do not use the same password for different accounts;
  • Use multi-factor authentication;
  • Visit only secure sites;
  • Make software updates whenever they are requested;
  • Be aware of the applications and files you download and the links you click on;
  • Have up-to-date antivirus software;
  • Check that the contacts you receive are reliable;
  • Do not access public wi-fi connections;
  • Interact safely on social networks;
  • Destroy personal information;
  • Keep informed.

Cybercrime is real and it is imperative that a good security policy is in place.

ActiveSys is the ideal expert support to help your company properly implement good security practices. Please do not hesitate to contact us.


ActiveSys, we activate your business.

Scroll to Top