leaksear.ch indexed a dataset labelled Bank of Brazil on May 23, 2026 containing 202 records with exposed emails, names, addresses, countries, phone numbers, and bank information (leaksear.ch metadata). Public sources identify Banco do Brasil S.A. as a Brasília-headquartered Brazilian bank, founded in 1808 and operating primarily in Brazil, but the leak metadata does not state a breach date, source system, or exposure method (www.britannica.com, stockanalysis.com).
What happened
The available leak metadata is limited to an indexed dataset: 202 records, indexed on May 23, 2026, with no reporter, no reference links, and no listed breach date (leaksear.ch metadata). Because the metadata does not identify ransomware, scraping, third-party compromise, misconfigured storage, or a direct bank-system compromise, those vectors should be treated as unconfirmed.
For incident responders, the important distinction is that this is an exposure notice for a small dataset carrying bank-related context, not a public attribution of how the data was obtained. Brazil's ANPD says security incidents involving personal data that may cause relevant risk or damage must be communicated to the authority and affected data subjects, and that communication to affected people is a key mitigation step (www.gov.br).
What data was exposed
leaksear.ch indexing metadata lists the exposed fields as address, country, email, name, and phone (leaksear.ch metadata). The records also include a bank field stored with the records, but the metadata does not identify account numbers, card data, passwords, transaction histories, CPF numbers, or document images (leaksear.ch metadata).
Why this matters
A record set of 202 entries is small, but names combined with emails, phones, addresses, and bank context can be enough for targeted phishing, voice scams, and identity verification abuse. Individuals should be cautious with unsolicited Bank of Brazil or Banco do Brasil-themed messages, and ANPD advises people not to use suspicious leak-check sites, to monitor potentially related accounts, and to report fraudulent use to providers and police (www.gov.br). Security teams should treat the combination of contact details and bank context as a phishing pivot and monitor for support tickets, fraud reports, or look-alike domains using this branding. If you are concerned your information appears in this leak, use leaksear.ch to check your exposure.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, name, and phone.