#FactCheck: AI-Generated Audio Falsely Claims COAS Admitted to Loss of 6 Jets and 250 Soldiers

Introduction

‍

Over the last few years, several public data breaches in Venezuela have revealed a lack of cohesion and progress in its data privacy system and left many people susceptible to fraud, identity theft and long-term harm via the internet. It is clear from these data breaches that when organizations fail to adequately protect their data, both through cybersecurity failures and weak legal protections, they can lead to problems throughout an entire system through which all individuals in the system could potentially suffer.

Among the more notable breaches are the Movistar Venezuela data breach from 2025 and the Cashea App data leak from earlier this year. Each of these examples demonstrates to some extent how the absence of an adequate privacy regulatory scheme can worsen the results of a data breach.

‍

The Movistar Breach: A Regulatory Warning (2025)

‍

Venezuelan digital rights group VE Sin Filtro published a report late in April 2025, which found a database revealed to have been opened onto the internet containing personal information belonging to over 3.2 million Movistar customers. The initial breach contained personal, and confidential, data of Venezuelan citizens such as national identification numbers, full names, city of residence, and phone numbers which could have been exploited to commit identity theft, SIM-swap fraud, and targeted scams.

One significant issue with this situation was that Movistar failed to disclose the breach publicly or contact impacted customers at the time of the disclosure. As a result, there appears to be a significant gap in Sanctions / Other Means of Enforcing Security Countermeasures Laws. Since there are numerous countries that enforce GDPR-style regulations and as such, this matter should lead to a complete investigation and possible fines against those responsible but in Venezuela there is still a lack of accountability.

‍

Cashea App Leak: A 2026 Data Shock

‍

A second alleged data breach came to light in February of 2026. It involved a Venezuelan buy-now-pay-later (BNPL) fintech called Cashea App, which is typically heavily utilized domestically. Reports have circulated that threat actors have been offering a database, believed to hold more than 79 million transaction records. This is more than double the size and sensitivity of the data involved in the Movistar Breach.

According to reports, the leaked data included:

1. Bank account details and payment methods
2. Merchant profiles and internal business identifiers
3. Detailed transaction histories with names, national ID numbers, timestamps, and installment data

This level of exposure goes far beyond basic identifiers. Financial transaction histories combined with personal identifiers enable sophisticated fraud, targeted social engineering, and long-term misuse of financial identities. As with the Movistar breach, no official acknowledgment or notification was issued by Cashea at the time of reporting, again underscoring Venezuela’s weak enforcement environment.

‍

Why These Breaches Matter: The Legal Dimension

‍

The incidents show us that there is a bigger problem with the way Venezuela has set up its framework for protecting data. For instance, the Venezuelan Constitution recognises the principles of data protection and privacy; however, these rights only exist in a theoretical manner; they lack implementing legislation, procedural clarity, and institutional enforcement.

‍

Constitutional Basis of Data Protection

‍

The Supreme Tribunal of Justice (TSJ) stated the core principles for protecting data are found in the Venezuelan Constitution. After the TSJ issued its 2011 ruling, Article 28 of the Venezuelan Constitution gives individuals the right to know what data the state has about them, how the state uses that data, and to correct or delete any harmful data. Article 60 of the Venezuelan Constitution protects individuals' privacy and restricts excessive data collection by the state.

The Constitutional Chamber also put into place additional guiding principles for how to protect personal data, including:

1. The data subject must give prior informed and revocable consent.
2. The purpose for which the data is collected must be specified and only the minimum amount of information necessary can be collected.
3. The data collected must be accurate and of good quality.
4. There are confidentiality obligations for third parties regarding the use of the data.
5. It is the government's responsibility to put into place procedures and mechanisms to monitor compliance with the data protection laws.
6. There are civil, criminal and administrative liabilities for individuals and legal entities that violate the data protection laws.

But, in a civil law country, when courts make rulings, they usually are persuasive only as opposed to being legally binding, and even constitutional rulings cannot be implemented until enabling legislation is passed.

‍

Absence of a Comprehensive Data Protection Law

‍

In contrast to the European Union's GDPR (General Data Protection Regulation), the United States' sectoral approach, and emerging Latin American data protection systems such as the ones in Brazil, Chile and Colombia, Venezuela has no independent data protection law. This lack of law leads to numerous types of uncertainty in the realm of data protection laws:

1. No defined data controller or processor obligations
2. No standardized lawful bases for processing
3. No clear breach notification timelines
4. No independent data protection authority
5. No procedural pathway for individuals to seek redress

As a result, data protection in Venezuela is not treated as an independent legal discipline but instead becomes derivative, arising incidentally within constitutional litigation or sector-specific disputes.

‍

Regulatory Fragmentation and Institutional Weakness

‍

Due to the TSJ decisions made in 2011, there has been a lack of regulatory action taken in a systematic fashion and instead most actions have been done on a case by case basis as valid incidents arise. The National Cybersecurity Council was established in 2024; however, its function is to support the establishment of cybersecurity infrastructure and has no defined powers regarding the enforcement of privacy.

This creates a fragmented institutional landscape where:

1. Authorities lack clear jurisdiction over privacy violations
2. Companies face minimal compliance guidance
3. Individuals struggle to understand or enforce their rights

The Movistar and Cashea incidents highlight how this fragmentation translates into practical impunity following major data exposures.

‍

What’s Next? A Legal Opportunity for Reform

‍

The repercussions of insufficient safeguards for data protection extend past the damage incurred to a person's privacy:

1. Loss of trust in both financial and digital services
2. Heightened likelihood of financial fraud and crime
3. Lack of willingness from foreign companies to conduct business with Venezuela’s platforms.
4. Long-term negative impact on the reputation of domestic companies.
5. Possible inability to access cross-border transfer of data due to other jurisdictions’ decisions to restrict transfers into jurisdictions without cutting-edge enforcement of protections for privacy.

In a digital economy that increasingly requires robust data protection to function successfully, a lack of action to create strong protections will cause a significant economic impact.

‍

Conclusion

‍

Major data breaches such as the ones at Movistar in 2025 and Cashea App in 2026 show that constitutional privacy rights alone are insufficient without enforceable legal framework. Privacy laws must move from being just a principle to being a law that has institutions, procedures, and accountability to make sure the privacy of the users is protected.

Now with the global digital economy being so interconnected, not having regulations creates openings for vulnerabilities for people. If Venezuela hopes to protect their citizens, create an innovation-friendly environment, and compete in the global market, they must implement comprehensive data privacy reforms as soon as possible.

‍

REFERENCES 

‍

1. https://iapp.org/news/a/venezuela-data-breach-highlights-scattered-privacy-regulation
2. https://www.apolocybersecurity.com/en/blog-posts/ciberataque-a-movistar-que-ha-pasado-a-quien-afecta-y-como-proteger-tus-datos
3. https://darknetsearch.com/knowledge/news/en/cashea-app-data-leak-79m-records-exposed-in-venezuela/
4. https://www.binance.com/en-IN/square/post/294369884695410

‍

As e-commerce companies expand their base and sell a wide range of products on their platforms, attackers continue to look for newer avenues to exploit and potential loopholes to perpetuate scams. A recent method used by scammers is the brushing scam, which targets online shoppers to drive sales. As per reports, it is already being conducted on popular and trusted e-commerce websites such as Amazon and Alibaba Express, and online shoppers must exercise caution with regard to the packages they receive.

The Brushing Scam

Deriving its name from China’s e-commerce practice, this scam includes sellers creating and sending fake orders to unsuspecting individuals, posing to be from e-commerce websites in order to ‘brush up’ the sales figures of their product. The products received are usually low quality and contain items such as low-cost jewellery, seeds, and random gadgets, among other things. The aim is to manipulate reviews for a particular product and make it seem popular so other buyers online are encouraged to purchase the items marketed. Most online shoppers today check reviews before making a purchase, and popular items and seemingly-trustworthy reviews can go a long way towards influencing customer behaviour. Since many platforms do include labels to authenticate reviews tied to genuine purchases to counter fake reviews, scammers have evolved a step further to develop an MO for fake reviews that holds up against basic levels of scrutiny. Some of the packages received under the brushing scam also have QR codes which once scanned lead the receiver to malicious websites.

CyberPeace Insights

Mysterious deliveries that have no information but your name and address may seem tempting to many, as receivers might assume that it could be a marketing gig and free products to try for the sake of promoting a product. The credibility of such deliveries increases as they are packaged to show that these are delivered through trusted online shopping and e-commerce sites. However, even though receiving products for free might seem harmless, it is advised that unknown items be dealt with carefully, more so when addressed to an individual with personal details. Receiving an order itself is an indication that personal information such as one’s name and address has been compromised, and it is likely that the sellers are involved in procuring personal information through a third party, often using illegal methods.

Registering complaints to the concerned e-commerce websites is encouraged, as the frequency of cases raises questions and encourages platforms to take action to ensure a secure buying and delivery experience from their end. An awareness of such scams being carried out for their customers could encourage caution on the part of these platforms and prove to be helpful in addressing the issue on multiple levels. On the part of the receivers, they can change the passwords of their e-commerce accounts and use a 2FA (2-factor authentication) for better security. They should also exercise caution while receiving such parcels, and avoid scanning QR codes on suspicious items.

References

1. https://www.livemint.com/technology/tech-news/brushing-scam-explained-from-fake-orders-to-reviews-how-fraudsters-are-manipulating-online-shopping-platforms-11735824384866.html
2. https://www.indiatvnews.com/technology/news/beware-of-amazon-scams-how-fraudsters-use-fake-reviews-to-sell-counterfeit-products-2025-01-02-969115
3. https://www.indiatoday.in/technology/news/story/brushing-scam-now-makes-buzz-as-it-targets-online-shoppers-everything-you-need-to-know-2659172-2025-01-03
4. https://www.msn.com/en-in/money/news/brushing-scam-now-makes-buzz-as-it-targets-online-shoppers-everything-you-need-to-know/ar-AA1wTvon 

‍

Executive Summary:

‍

Recently, our team came across a widely circulated post on X (formerly Twitter), claiming that the Indian government would abolish paper currency from February 1 and transition entirely to digital money. The post, designed to resemble an official government notice, cited the absence of advertisements in Kerala newspapers as supposed evidence—an assertion that lacked any substantive basis

‍

‍

Claim:

‍

The Indian government will ban paper currency from February 1, 2025, and adopt digital money as the sole legal tender to fight black money.

‍

‍

‍

Fact Check:

‍

The claim that the Indian government will ban paper currency and transition entirely to digital money from February 1 is completely baseless and lacks any credible foundation. Neither the government nor the Reserve Bank of India (RBI) has made any official announcement supporting this assertion.

Furthermore, the supposed evidence—the absence of specific advertisements in Kerala newspapers—has been misinterpreted and holds no connection to any policy decisions regarding currency

During our research, we found that this was the prediction of what the newspaper from the year 2050 would look like and was not a statement that the notes will be banned and will be shifted to digital currency.

Such a massive change would necessitate clear communication to the public, major infrastructure improvements, and precise policy announcements which have not happened. This false rumor has widely spread on social media without even a shred of evidence from its source, which has been unreliable and is hence completely false.

We also found a clip from a news channel to support our research by asianetnews on Instagram. 

‍

‍

‍

We found that the event will be held in Jain Deemed-to-be University, Kochi from 25th January to 1st February. After this advertisement went viral and people began criticizing it, the director of "The Summit of Future 2025" apologized for this confusion. According to him, it was a fictional future news story with a disclaimer, which was misread by some of its readers.

‍

The X handle of Summit of Future 2025 also posted a video of the official statement from Dr Tom.

‍

‍

‍

Conclusion:

‍

The claim that the Indian government will discontinue paper currency by February 1 and resort to full digital money is entirely false. There's no government announcement nor any evidence to support it. We would like to urge everyone to refer to standard sources for accurate information and be aware to avoid misinformation online.

• Claim: India to ban paper currency from February 1, switching to digital money.
• Claimed On: X (Formerly Known As Twitter)
• Fact Check: False and Misleading