BC reports leak of registration data of 46 thousand Pix keys

Information protected by banking secrecy, such as balances, passwords, and statements, was not disclosed. The keys belong to clients of Fidúcia Sociedade de Crédito.

Pix (Photo: © Marcello Casal Jr/Agência Brasil)

By Wellton Máximo, reporter for Agência Brasil - A total of 46,093 Pix keys belonging to customers of Fidúcia Sociedade de Crédito ao Microempreendedor e à Empresa de Pequeno Porte Limitada (Fidúcia) had their registration data leaked.

The information was released this Monday (18) by the Central Bank (BC). This was the sixth data leak since the launch of the instant payment system in November 2020.

According to the Central Bank, the leak occurred due to specific failures in the payment institution's systems. The exposure, the Central Bank reported, occurred in registration data, which does not affect the movement of money. Data protected by bank secrecy, such as balances, passwords and statements, were not exposed.

Although the case did not need to be reported because of the low potential impact on customers, the authority clarified that it decided to disclose the incident in the name of its “commitment to transparency”.

All people whose information has been exposed will be notified via the Phi Pagamentos app or internet banking of the institution. The Central Bank emphasized that these will be the only means of warning about the exposure of Pix keys and asked customers to disregard communications such as phone calls, SMS and notifications via messaging apps and email.

Data exposure does not necessarily mean that all information has been leaked, but that it has been visible to third parties for some time and may have been captured. The Central Bank reported that the case will be investigated and that sanctions may be applied. The legislation provides for fines, suspension or even exclusion from the Pix system, depending on the severity of the case.

HISTORY - This was the sixth incident of Pix data leaks since the system was created in November 2020. In August 2021, 414.5 thousand Pix keys registered by telephone number at Banco do Estado de Sergipe (Banese) were leaked. Initially, the Central Bank had announced that the leak at Banese had affected 395 thousand keys, but the number was later revised.

In January 2022, 160.1 thousand customers of Acesso Soluções de Pagamento had their information leaked. The following month, 2.1 thousand customers of Logbank Pagamentos also had their data exposed.

In September 2022, data from 137.3 thousand Pix keys from Abastece Ai Clube Automobilista Payment Ltda. (Abastece Aí) were leaked. The most recent case occurred in September last year, when 238 Pix keys from Phi Pagamentos were exposed.

In all cases, registration information was leaked, but passwords and bank balances were not exposed. As mandated by the General Data Protection Law, the monetary authority maintains a page where citizens can track incidents related to their Pix key or other personal data held by the Central Bank.