On Sunday Oct 17th Atento Security team detected irregular activity on one of our networks in Brazil. Immediately, we deployed all available cyber security protocols in order to contain, assess, and neutralize the threat.
From the beginning, our priority has been to ensure the protection and integrity of our customers and employees data. We have implemented all available cybersecurity protocols within our reach to assess, contain and neutralize the threat. Among the initiatives, to prevent any risk, we proactively isolate the impacted systems and also suspend external connections.
As the investigations progressed, it was found that personal data of employees/former employees of Atento Brasil Group companies were exposed.
Therefore, committed to transparency in the relationship with our employees, even with ongoing investigations, we provide some clarifications below.
For further questions regarding your personal data, please feel free to contact us by email xxxxxxxx
There is evidence that there was a data leak from our company’s systems and, striving for transparency with our employees/former employees, we believe it is important to share the implications that may result from this attack.
It is also worth noting that regardless of this communication, we continue to collaborate with the authorities and external consultants to mitigate the possible impacts of the attack.
Atento informed the competent authorities, including the police, as well as the authority responsible for the protection of personal data in Brazil. Thus, we are acting cautiously and cooperatively with all of them, seeking to mitigate any impacts that the criminal attack may cause to employees/former employees and customers.
Immediately, on Sunday (10/17/2021), Atento communicated the incident to the competent authorities. Once the security incident was identified, a Crisis Committee was established, involving the company’s executives, who decided to establish the following immediate actions:
- Proactive removal of all connections and communications links, both internal and external, with customers, Atento websites and other countries , aiming to protect the company’s information and our employees and customers data, containment, isolation and propagation of the incident.
- Activation of Consulting services specializing in critical incident management;
- Conducting communication to key customers;
- Monitoring and management by Atento’s Senior Management team in Brazil and globally, through permanent control points during the event;
- Gradual resumption of Services planning.
Unfortunately, this type of attack has grown around the world, involving companies that operate in different segments. Brazil is the world’s second largest targeted country for cyber attacks, second only to the United States. To give you an idea, in the first half of 2021 alone, there were more than 439,000 attacks in the country.
Atento and its customers were another victim of this criminal act, which has affected the corporate systems of companies.
First of all, know that Atento is doing everything that is technically and legally possible to control the situation. There is a possibility for the cybercriminal group to publish data on the deep web or deep internet, which is not accessed by everyone. This does not mean that your data will be accessible to anyone on the Internet or that it will be known to everyone. However, we recommend that you keep an eye out for any suspicious activity on your devices, social media accounts, and email or bank account.
The technical analysis, in progress, has detected evidence that a data leak has occurred from our company’s systems. This evidence resulted in the exposure of some information from our employees/ex-employees as xxxxxxx
There is a possibility for the cybercriminal group to publish data on the deep web or deep internet, which is not accessed by everyone. This does not mean that your data will be accessible to anyone on the Internet or that it will be known to everyone. However, we recommend that you keep an eye out for any suspicious activity on your devices, social media accounts, and email or bank account.
Files with the personal data of employees/ex-employees were accessed. Although it is different in each case, the file contained identification and contact details, professional data and bank data, such as information about the branch and account for salary payment.
You can change your passwords and monitor any suspicious activity that might happen with your data.
Pay close attention to emails and, if you detect any suspicious emails, be careful and never open emails from unknown recipients.
In case of doubts regarding your bank account, contact your bank and monitor your account movements.
You can also check the Go to Have I Been Pwned website, which shows e-mails and passwords that have already been leaked, together with details of how they were leaked.
If you have any questions, please contact us via email xxxxxxxxxxx
Feel free to reach out to them if you think it is necessary. In addition, if you have noticed any suspicious activity with your data, regardless of other measures, please contact us via email xxxxxxxxxxx
Do not access websites that offer this type of information, it can be a trap to capture additional information.
Although we do not have personal passwords for our employees and this topic is not related to Atento, as an additional tip of known best practices for internet security issues, if you are interested in checking if your email or passwords have been ever leaked, we suggest you consult Go to Have I Been Pwned, a site that shows this type of information.
It is important to monitor suspicious emails, text messages and communications in the coming days, especially requests for information from strangers. In addition, you can check if your CPF was used for a loan on the website of the Central Bank of Brazil, available here for free registration – https://www.bcb.gov.br/cidadaniafinanceira/registrato
Atento already has strict protocols to guarantee the security of data, being certified with the highest standards and norms of information security, such as ISO 27001 – Information Security Management – and ISO 20,000 IT Service Management. In addition, Atento acts in accordance with the provisions of the General Law for Personal Data Protection . Even so, Atento will continue to implement measures for continuous improvement of its security structure. After all, the safety and protection of our employees and customers continue to be a priority for the company.
We will keep you updated on any new facts relating to the investigations and developments in the case. You can also contact firstname.lastname@example.org (to be created) for further clarification.