The Central Bank of Brazil (BC) publicly announced a security incident involving personal data linked to Pix keys. The breach resulted from isolated failures in the systems of QI SCD S.A., the institution responsible for storing that information. The BC emphasized that the principle of transparency guided the decision to disclose the incident, even though it is not a legal requirement given the low potential impact on users.
According to the notice, the exposed data is of a registration nature and does not include sensitive information such as passwords, financial transactions, account balances, or any data protected by banking secrecy. The BC stressed that the information obtained does not allow access to users' accounts or enable any financial transactions.
Individuals affected by the incident will be notified exclusively through the app or internet banking of their respective financial institutions. The BC warned that neither it nor the participating institutions will use other communication channels — such as messaging apps, phone calls, SMS, or email — to contact impacted users.
The Central Bank stated that all necessary measures have already been taken to thoroughly investigate the case and that sanctions provided under current regulations will be applied. In addition, the institution maintains a dedicated page on its website to record security incidents of this type, reinforcing its commitment to transparency and the security of the financial system.
Source: BACEN
This post was summarized from its original version using ChatGPT version 4, with human review.