Vivo should provide explanations about the flaw that exposed customer data that used the Meu Vivo portal. Telefônica Brasil, owner of the operator, was contacted by Anatel (National Telecommunications Agency) and Procon-SP, who want to know what has been done to solve the problem.
According to the Estadão, Anatel said it will investigate the failure and apply sanctions against Vivo if it concludes that there has been an infringement of consumer rights. The agency did not detail how the process will be handled, nor what sanctions are possible.
Procon-SP, in turn, called the company on Wednesday (6). The objective is to clarify what caused the security breach and what measures the company is taking to resolve the situation and serve the affected customers.
The agency gave the company 15 days to send its response and, after that, it will present a decision within 30 days. Telefônica may be fined up to R $ 10 million, as provided by the Consumer Protection Code (CDC).
The failure of the Meu Vivo portal, which allows customers to access data about telephone, internet and TV plans, would have affected 24 million people, according to experts heard by the Twitter. Vivo, however, claims that the actual number is “considerably less”.
Anyway, a vulnerability in the access token would have exposed data such as full name, address, date of birth, RG, CPF, e-mail and cell phone number. The operator says it neutralized the flaw in the portal less than three hours after it was identified.