Date: 2021-10-01

The Central Bank (BC) reported this Thursday (30) a leak of data from Pix keys under the custody and responsibility of the State Bank of Sergipe SA (Banese) “due to specific failures” in the financial institution’s systems.

Banese confirmed that its technical area detected improper queries to data related to 395,009 Pix keys, exclusively of the telephone type, belonging to non-customers of the company. The queries were made through access to two bank accounts of Banese customers, probably obtained through social engineering (phishing or similar).

According to the BC, no sensitive data was exposed, such as passwords, information on transactions or financial balances in transactional accounts, or other information protected by bank secrecy. “The information obtained is of a cadastral nature, which does not allow the movement of resources, nor access to accounts or other financial information”, it says in a note.

The bank confirms that the event did not affect the confidentiality of passwords, transaction history or other financial information of its customers.

“Such consultations were carried out in the Transactional Account Identifier Directory (DICT), administered by the Central Bank of Brazil and with restricted access to institutions that initiate the procedure for carrying out a transaction by Pix”.

According to Banese, the directory contains information of a cadastral nature, such as name, CPF, bank where the key is registered, branch, account and other technical data used for anti-fraud control purposes, such as the date of opening the account and the date of key registration.

“Under the applicable legislation, Banese communicated the incident to the National Data Protection Authority (ANPD) and, together with the Central Bank, has been working on the investigation and communication of facts. In a timely manner, containment actions and technical measures were adopted, such as the revocation of access to the two accounts used and the implementation of security mechanisms to prevent similar cases from occurring again”.

In view of the leak, Banese reinforces the need for users to take basic precautions, such as always being suspicious of SMS or app messages sent by unknown numbers and never clicking on links sent by such numbers. In addition, users should pay extra attention when receiving calls from people posing as bank employees and never provide personal information, codes received via SMS or bank passwords.

The monetary authority said that people whose registration data was obtained in the incident will be notified exclusively through the application of the institution with which they have a relationship.

“Neither BC nor participating institutions will use any other means of communication with affected users, such as messaging applications, phone calls, SMS or e-mail”, it emphasizes.

The BC also stated that it has taken “the necessary actions for the detailed investigation of the case” and that it will apply the sanctioning measures provided for in the regulation.

“Even though it is not required by current legislation, due to the low potential impact on users, the BC decided to communicate the event to society, in view of the commitment to transparency that governs its activities”, says the note.