Brazil's Central Bank reports personal data leak of 160,000 PIX keys

According to the note, no sensitive data, such as passwords, transaction information or account balances, was exposed

PIX celebrates one year anniversary with huge popularity and security challenges. Photo: Marcello Casal Jr/Agência Brasil

Brazil's Central Bank reported this Friday a leak of personal data linked to PIX keys that were under the custody and responsibility of the payments institution Acesso. PIX is the country's instant payments system. To make a transaction through PIX, citizens must use a key, which can be their tax-ID number, email or phone number.

According to the BC, the potentially exposed data include the user's name and ID, the institution where the account is held, and the branch and account numbers, for 160,147 PIX keys. The occurrence was observed between December 3 and 5, 2021.


According to the note, no sensitive data, such as passwords, transaction information, account balances or other information under bank secrecy, was exposed.

“The information obtained is of a cadastral nature, which does not allow the movement of resources, nor access to accounts or other financial information”, it said.

According to the Central Bank, people who had their registration data exposed from the incident will be notified exclusively through the institution’s application or internet banking. Contact is not made by other means such as phone, text message, or email.


The monetary authority also said that it has adopted the necessary actions for the detailed investigation of the case and will apply the sanctions provided for in the rules in force.

“Even though it is not required by current legislation, due to the low potential impact for users, the BC decided to communicate the event to society, in view of the commitment to transparency that governs its performance”, it said.

Sought by Reuters, Acesso reported that it identified improper queries to data related to PIX keys and that sensitive data was not exposed.

“We took, in a timely manner, all the necessary measures to guarantee the security of the information held by the company and our commitment to keeping the market and our partners informed”, the company said.

This is not the first case of its kind. In September last year, the BC reported a leak of data on PIX keys under the responsibility of Banco do Estado de Sergipe (Banese).

(Translated by LABS)
