In this edition of the Cybernews, we highlight the main news on data protection in August 2025.
First, the CNJ reported the leak of data linked to the PIX key of 11 million users of the service, as a result of unauthorized access by third parties to the Judicial Assets Search System (Sisbajud).
In addition, the Superior Court of Justice (STJ) ruled that credit databases cannot share consumers' personal information without consent. The STJ ordered the defendant to pay BLR 11,000 in moral damages and to refrain from sharing the plaintiff’s data without prior authorization, except for other databases. The recent ruling by the STJ reinforces a new paradigm for the data management sector in Brazil, where unauthorized sharing of data results in compensable moral damages.
Finally, the TJ/MG sentenced a credit protection agency to indemnify a consumer in R$ 10 thousand reais for moral damages, after the improper sharing of his personal data, in violation of the LGPD. The decision recognized a failure in the security of information and highlighted the vulnerability of the consumer in the face of the economic power of the company, also applying the principles of the Consumer Protection Code. The case reinforces the importance of data protection and the responsibility of companies in the treatment of this information.
