title: "DETRAN SP: pl4t0v Free Database Leak of 13 Million Records"
date: 2026-06-29
slug: detran-sp-data-leak
DETRAN SP: pl4t0v Free Database Leak of 13 Million Records
A threat actor using the handle pl4t0v has allegedly published a 13 million record database belonging to DETRAN SP, the São Paulo state vehicle and identification authority, offering it as a free download on a dark web forum. The post, observed on June 29, 2026 and reported by Dark Web Informer, includes a sample, a table schema, and a download link for a 1.59GB SQLite file said to contain Brazil's core national identifiers paired with full names, addresses, and biometric references. The claim remains unverified, and DETRAN SP has not publicly addressed it.
What Happened
On June 29, 2026, an actor operating as pl4t0v posted to a dark web forum claiming to release the full DETRAN SP database for free. According to the listing, the dataset spans roughly 13 million records totaling 1.59GB, delivered as a SQLite (.db) file. The actor provided a sample of records, the underlying table schema, and a direct download link, framing the release explicitly as a free leak rather than a sale.
Two redacted screenshot previews accompanied the post. As of publication, the authenticity and full scope of the data have not been independently confirmed, and DETRAN SP has issued no public statement. Given the scale and sensitivity of the records, this would warrant urgent attention from Brazilian authorities, including the ANPD, the national data-protection authority.
What Was Taken
The actor claims the leak contains approximately 13 million records combining a comprehensive set of personal identifiers. Reported fields include:
- Full names
- CPF and RG national ID numbers
- Dates of birth and gender
- Parents' names (filiação)
- Full residential addresses
- Phone numbers and email addresses
- ID photo and biometric references
This combination is significant because it pairs Brazil's permanent national identifiers, the CPF and RG, with the supporting personal details (parents' names, dates of birth, and addresses) that are routinely used to verify identity. The presence of references to ID photos and biometric collection raises the stakes considerably, since biometric data and national ID numbers cannot be reset or reissued the way a password or payment card can.
Why It Matters
This is a critical exposure because it concerns Brazil's core national identifiers at massive scale. The specific blend of full name, CPF, RG, date of birth, parents' names, and full address is precisely the data set used in Brazil to open bank accounts, obtain credit and loans, and pass identity-verification checks. In the wrong hands, it enables large-scale identity theft, financial fraud, and account takeover.
Beyond direct fraud, verified personal details allow attackers to craft highly convincing phishing and impersonation campaigns that are difficult for victims to distinguish from legitimate contact. Because the dataset is reportedly free to download rather than sold, any exposure may already be spreading widely across forums and channels, multiplying the number of potential abusers and making containment effectively impossible. For a government identity authority, a breach of this nature also erodes public trust in the systems citizens are compelled to use.
The Attack Technique
The forum post does not disclose how the data was obtained, and no intrusion vector has been confirmed. The actor describes only the result, a complete database extract, not the method. Distribution as a single SQLite (.db) file is consistent with a wholesale database export, which can result from compromised credentials, exposed or misconfigured database services, vulnerable web applications, or access through a third party or the supply chain rather than a direct breach of DETRAN SP itself. Until DETRAN SP or investigators confirm the source, attribution of technique remains speculative, and the leak's authenticity itself is still unverified.
What Organizations Should Do
- Government and identity agencies should audit database access controls, credential hygiene, and exposure of database services, and review logs for unauthorized bulk exports consistent with a full table dump.
- DETRAN SP and Brazilian authorities should engage the ANPD promptly, validate the sample against internal records to assess authenticity, and prepare breach notifications if confirmed.
- Financial institutions and lenders relying on CPF and RG verification should treat these identifiers as potentially compromised, increasing scrutiny and adding step-up verification for new accounts and credit applications.
- Organizations holding similar citizen data should segment and encrypt sensitive databases, enforce least-privilege access, and monitor for anomalous large-volume queries that indicate exfiltration.
- Potentially affected individuals should monitor for fraudulent accounts and credit activity, be alert to phishing that cites accurate personal details, and use available credit-freeze and fraud-alert mechanisms.
- Threat intelligence teams should track pl4t0v and monitor forums and channels for redistribution of the dataset, since a free leak tends to propagate rapidly.
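One way to implement the log review for bulk exports and the large-volume query monitoring recommended in the list above, as an added example that is not part of the original report. The audit-log fields, account names, table name, and table size are constructed assumptions, not any real system's schema.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical table size; in practice, take it from the database's own statistics.
TABLE_ROWS = {"citizens": 13_000_000}

def build_sample_log():
    """Constructed audit lines: normal single-record lookups plus a paginated export."""
    t0 = datetime(2026, 6, 1, 2, 0, 0)
    recs = []
    for i in range(200):   # svc_portal: one-row lookups every five minutes
        recs.append({"ts": (t0 + timedelta(minutes=5 * i)).isoformat(),
                     "user": "svc_portal", "table": "citizens", "rows": 1})
    for i in range(26):    # report_user: 26 pages of 500,000 rows, two minutes apart
        recs.append({"ts": (t0 + timedelta(minutes=2 * i)).isoformat(),
                     "user": "report_user", "table": "citizens", "rows": 500_000})
    return [json.dumps(r) for r in recs]

def find_bulk_exports(log_lines, window=timedelta(hours=24), coverage=0.5):
    """Flag (user, table) pairs whose rows read inside `window` reach `coverage`
    of the table, even when the read is split across many smaller queries."""
    events = sorted((json.loads(l) for l in log_lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # (user, table) -> (timestamp, rows) still in window
    totals = defaultdict(int)     # running row count for the same key
    alerts = {}
    for e in events:
        size = TABLE_ROWS.get(e["table"])
        if not size:
            continue              # unknown table: no size to compare against
        key, ts = (e["user"], e["table"]), datetime.fromisoformat(e["ts"])
        recent[key].append((ts, e["rows"]))
        totals[key] += e["rows"]
        while recent[key][0][0] < ts - window:   # expire reads older than the window
            totals[key] -= recent[key].popleft()[1]
        if totals[key] >= coverage * size and key not in alerts:
            alerts[key] = {"at": e["ts"], "rows": totals[key],
                           "fraction": round(totals[key] / size, 2)}
    return alerts

if __name__ == "__main__":
    for key, info in find_bulk_exports(build_sample_log()).items():
        print(key, info)
```

Summing per account over a sliding window is what catches an export that is paged to stay under a per-query row threshold; the coverage fraction and window length need tuning against each account's normal read volume.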
Sources: Brazilian DETRAN SP Database of 13 Million Records Allegedly Leaked for Free