Sptrans.com.br

In late 2020 a significant data breach occurred at SPTrans the public transport management company for Sao Paulo Brazil. The incident involved an unauthorized access to the Bilhete Unico user database which manages public transport fare cards. The exposed data includes sensitive personal details of millions of commuters. Investigations revealed that the breach was likely due to a vulnerability in the web application allowing attackers to extract user information. The company later notified users and the Brazilian Data Protection Authority about the security failure.