Brinztech Alert: The Alleged Database of Notin is Leaked

Dark Web News Analysis

The dark web news reports a catastrophic data breach involving Notin, a platform likely serving the legal and notary sector. A threat actor on a hacker forum has released a massive 145 GB database containing highly sensitive personal and financial documentation.

The compromised data is not just a text list but a trove of digitized files in PDF, JPG, and BAK (backup) formats. The content is exceptionally sensitive, including scanned National Identity Cards (DNI), Passports, Foreigner Identification Numbers (NIE), and Notarial Deeds. These documents contain detailed financial transaction records, Confidential Tax Returns, internal notary accounting logs, property deeds, and granular financial data such as account numbers and income statements.

Key Cybersecurity Insights

This breach represents a “worst-case scenario” for data privacy because it involves digitized official documents rather than just database rows. This allows for high-level fraud that is almost impossible to detect:

• Real Estate & Mortgage Fraud: The exposure of Notarial Deeds and Property Details alongside the owner’s Passport/DNI creates a direct path for property fraud. Attackers can use these documents to forge ownership transfers, take out fraudulent mortgages against a victim’s home, or even attempt to sell the property without the owner’s knowledge.
• KYC Bypass (Identity Takeover): Most “Know Your Customer” (KYC) systems require a user to upload a photo of their ID. Since this leak contains JPG scans of passports and IDs, attackers have the “master keys” to bypass biometric verification at banks, crypto exchanges, and government portals.
• Financial Profiling: The leak of Tax Documents and Income Details allows criminals to target high-net-worth individuals (“Whaling”). They know exactly how much money a victim has, where they bank, and what assets they own, enabling highly sophisticated extortion or kidnapping schemes.
• Unstructured Data Risk: The presence of .BAK and .PDF files indicates that the attackers accessed a backup server or a document management system. Unstructured data is often harder to monitor than structured databases, meaning this exfiltration might have gone unnoticed by Data Loss Prevention (DLP) systems for a long time.

Mitigation Strategies

To protect legal integrity and individual assets, the following strategies are recommended:

• Property Registry Lock: Individuals potentially affected should immediately contact their local Land Registry to set up alerts for any attempted changes to their property deeds.
• Identity Fraud Alert: Victims must report their DNI/Passports as compromised to the authorities. Financial institutions should be warned to flag any new account openings using these specific identity documents.
• Forensic Audit: Notin must conduct an urgent forensic analysis to determine how 145 GB of data was exfiltrated. This volume of traffic should have triggered network anomaly alerts.
• Client Notification: Due to the legal sensitivity, Notin (and the notary offices using it) has a strict ethical and legal obligation to notify clients so they can freeze their credit and monitor their tax filings.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com