What Happened

In December 2025, iFood confirmed a data breach affecting 1.2 million users in Brazil. Hackers accessed names, phone numbers, addresses, and CPF numbers, but not passwords or financial data. The company disputes claims of a larger breach involving 43.8 million records.

Who Is Affected

The breach impacted 1.2 million iFood users, representing about 2% of its customer base. CPF numbers, similar to U.S. Social Security Numbers, were compromised, posing a risk of identity fraud.

Market Impact

• Increased scrutiny on Brazil's data protection laws (LGPD).
• Growing demand for cybersecurity solutions in the food delivery sector.
• Potential erosion of consumer trust in iFood and similar platforms.

What to Watch

Monitor ongoing investigations into the disputed larger breach claims. Watch for regulatory changes or enforcement actions by Brazil's data protection authority (ANPD). Track iFood's response and any shifts in market share or consumer behavior.