The Central Bank of Brazil (BCB) publicly disclosed the occurrence of a security incident that resulted in the exposure of personal data linked to Pix keys. The isolated failure occurred in the systems of Cashway Tecnologia da Informação S.A., the institution responsible for the custody and safeguarding of the affected data.
According to the BCB, no sensitive data was compromised — such as passwords, financial transaction histories, account balances, or any other information protected by banking secrecy. The data improperly accessed is of a registration nature only, and does not allow financial transactions to be carried out, accounts to be accessed, or any other confidential financial information to be obtained.
Individuals whose registration data was exposed as a result of the incident will be contacted exclusively through the app or internet banking of their respective financial institution. The Central Bank and the institutions participating in Pix emphasize that they will not use other communication channels — such as messaging apps, phone calls, SMS, or email — to notify affected users.
The Central Bank has already initiated the necessary steps for a thorough investigation of the incident and has assured that the sanctions provided for under current regulations will be applied to the responsible institution. Despite current legislation not requiring public disclosure for incidents of low potential impact, the BCB chose to inform the public about the event, reaffirming its commitment to the principle of transparency that governs its activities. The BCB maintains a dedicated page on its website to record security incidents.
This post was summarized from its original version with the use of AI, with human review.
Source: Central Bank of Brazil (BCB)