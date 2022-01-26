THE leak of data linked to 160 thousand keys pix had more repercussions this Tuesday (25). THE Procon-SP sent a letter to central bank asking for clarification on the episode, such as the number of customers in the state of São Paulo who were affected and how they will be informed about the problem.



Pix in banking app (image: Emerson Alecrim/Tecnoblog)

The incident was revealed by the Central Bank itself last Friday (21). The target of the security breach was Access Bank, which has around 5 million customers. According to the BC, the data exposed with Pix keys are not considered sensitive, being only of a cadastral nature.

The leak took place between December 3 and 5. Among the data exposed are name, CPF, bank, branch and account number. According to the BC, there is no way to access bank accounts with this information.

In the letter sent, Procon-SP asks the BC to clarify its legal relationship with Acesso, how many users in the state of São Paulo were affected, how the notification to consumers will be made.

In addition, the entity wants to know if there is a risk that the leaked data will harm customers, if there are already records of this type and how to proceed in these cases.

The consumer protection agency also asks what the Central Bank’s action plan is to prevent the misuse of this information.

On Friday, the Central Bank informed that affected customers will be notified exclusively through the application or website of their relationship institution. There will be no other way of contact — WhatsApp, Telegram, calls, SMS or email.

Pix Key Leak is the second of its kind

The Access security incident is not the first. In September, the Central Bank revealed that 395,000 Pix keys under the responsibility of Banco do Estado de Sergipe (Banese) had been exposed.

As in the most recent case, no sensitive data was exposed, such as passwords, balances or transactions. The information was of a cadastral nature and did not allow access to accounts or transactions.

With information: Procon-SP.