FILTERING BY: CLEAR FILTER

IFood: Unauthorized Access to SIRA Portal Exposes 1.2 Million User Records

iFood confirmed a data breach originating in December 2025 that exposed the personally identifiable information (PII) of approximately 1.2 million users. The attack targeted the Sistema iFood de Resposta às Autoridades (SIRA), a restricted portal designed for judicial and administrative data requests. Threat actors gained access using compromised credentials belonging to an external agency, rather than an internal iFood system failure. The exfiltrated data includes full names, phone numbers, physical addresses, and Cadastro de Pessoas Físicas (CPF) numbers. While authentication credentials and financial instruments remained secure, the exposure of CPFs—the primary identity anchor in Brazil—creates significant risk for high-fidelity identity theft and social engineering.


LINK COPIED TO CLIPBOARD