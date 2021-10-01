The Central Bank informed this Thursday (30) that there was a leak in the keys of the PIX, an instant payment system, which were under the custody and responsibility of the State Bank of Sergipe (Banese). This was the first leak recorded by BC.

According to the autarchy, the leak occurred because of “punctual failures in the financial institution’s systems and involved registration information, which do not allow for the movement of resources or access to accounts”.

“There were no sensitive data, such as passwords, information on transactions or financial balances in transactional accounts, or any other information under bank secrecy,” stated the BC, in a note.

The monetary authority added that it will investigate what happened and apply sanctioning measures provided for in the regulation.

Central Bank Announces Measures to Make PIX Safer

People affected by the leak, according to BC, will be notified exclusively through their bank’s application. “Neither the BC nor the participating institutions will use any other means of communication with affected users, such as messaging applications, phone calls, SMS or email,” the autarchy warned.

In a statement, Banese stated that its technical area detected “inappropriate queries” to data related to 395,009 PIX keys from people who are not bank customers.

This consultation, according to the bank, was based on the access of two bank accounts of Banese customers, probably through phishing (fraudulent action to obtain confidential information).

The bank reiterated that the leak did not affect the confidentiality of passwords, transaction history or other financial information of customers and highlighted that it is working on finding the facts and implementing security mechanisms to prevent similar cases from happening again.

BC security measures

The news of the leak comes after the BC has taken measures to increase the security of the PIX amidst the occurrence of crimes, including lightning kidnappings, which allow immediate transfers made seven days a week and at any time.

The BC established a limit of R$ 1 thousand reais for transactions between individuals from 8:00 pm to 6:00 am. It also allowed the institution that holds the account of the individual receiving user to carry out a preventive blocking of resources for up to 72 hours in cases of suspected fraud.

This Tuesday (28), the BC announced new measures to make the PIX safer, which will take effect on November 16th. Among them are the preventive blocking of resources in case of suspected fraud and mandatory notifications of rejected transactions.