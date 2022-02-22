Procon-SP (Consumer Protection and Defense Program) notified B2W Companhia Digital – responsible for the Americanas and Submarino websites – to ask for explanations about the suspension of access, which began over the weekend.

The websites of the Americanas and Submarino stores, two of the main e-commerce platforms in Brazil, showed instability and were offline after the platforms registered problems with user access and rumors that the websites were targets of hacker attacks. The company cited an “unauthorized access”.

Procon-SP asks that it be clarified when the problem was found; what is the forecast for its regularization; what measures and procedures related to security protocols were implemented; and what measures were taken to mitigate possible damage resulting from the reported attack.

Explanations were also requested on what type of transactions and operations were and still are compromised; what are the impacts for the consumer; whether the attack affected the company’s database and what kind of information was affected.

The problems reported in Downdetector – a tool that monitors the functioning of companies’ digital services – affect the website, the mobile application and the login system. There are reports of users unable to access the app since Thursday (17) night.

Consumer rights

B2W must inform about how the consumer can exercise rights established in Law 8.078/90, such as the right, in the case of online purchases, to regret it within seven days and receive any amounts paid back, as well as requests for exchange or regularization of problems related to essential products, whose exchange or repair must happen immediately; in addition to clarifying whether an alternative channel was made available for consumer contact.

Procon-SP wants B2W to inform – and verify – that it adopts security, technical and administrative measures to protect personal data from unauthorized access and from accidental or illegal situations of destruction, loss, alteration, communication or any form of treatment. inappropriate or illicit, as provided for in art. 46 of the LGPD (General Data Protection Law).

The company must also clarify whether it has a data manager appointed and whether it has trained its employees on the application of the LGPD.