Brazil has seen an improvement in its data breach situation, with an 80% decrease in the number of cases seen in the first three months of 2022, according to new research by cybersecurity company Surfshark.

Over 285,000 Brazilians were breached between January and March, placing Brazil in the 12th position in the ranking of most breached countries globally. That compares with the situation in the last quarter of 2021, when Brazil occupied the fifth spot on the list with 1.45 million breached accounts, with major incidents involving organizations such as the Ministry of Health and Experian.

According to the research, Russia topped the list of breached individual accounts in the first quarter of 2022, with more than 3.5 million users affected. The US ranks second on the list, followed by Poland, France, and India. 

On the other hand, data management incidents involving large companies continue to emerge in Brazil. For example, last week, the company running the network of McDonald’s restaurants in Latin America told some of its customers that their data could have been exposed after an incident involving one of its third-party suppliers.

Arcos Dorados sent an email to some of its customers on Sunday (17) saying some of their data – including names, addresses, emails, telephone numbers, and social security numbers – was potentially exposed after the event.

On the other hand, the firm said no sensitive data was exposed in the incident and included two email addresses customers could use to get in touch.

Contacted by ZDNet, the company said that when it became aware of what had happened, it took the appropriate measures and contacted consumers that had their data exposed – the local data protection legislation requires companies to do so. Moreover, Arcos Dorados said it has also informed the National Data Protection Authority (ANPD).

“Arcos Dorados repudiates this criminal activity and is working continuously to strengthen measures to protect its customers’ data, including reviewing and constantly updating security systems. We regret the situation and are providing communication channels to clarify any questions consumers might have”, the company added, without disclosing the name of the supplier that had exposed the data.

The company isn’t new to major data exposure incidents. In 2019, Brazilian cybersecurity website The Hack reported that an unprotected Elasticsearch environment managed by an Arcos Dorados supplier had exposed over 2.3 million sensitive data records, including data from over 1 million McDonald’s employees.