Sofia Mandelert, Thamilla Talarico, Nuria López and Renato Gomes Malafaia of Daniel Law write:
Following procedures contained in the LGPD (Brazil’s new data protection law), the international company Enel, with operations in Brazil, has started contacting its customers in relation to a data breach affecting the data of at least 300 thousand clients in the city of Osasco. It is reported that the leak involved personal data, such as name, personal identity (CPF) and telephone numbers, and consumption data; such as address, meter-reading rates and even the payment history of its consumers, and affects an estimated 4% of the company’s customer base. It is still unclear how the leak occurred.
Source: Lexology. Working backwards, it seems the incident was discovered in early November, 2020. Are notifications first being sent out now?