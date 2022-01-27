Last Friday, January 21, the Central Bank (BC) reported that there was a security problem with the personal data linked to Pix keys in the Access Payment Solutions SA and that as a result, more than 160k Pix keys leaked.

According to BC, this leak does not pose direct risks to users whose data has been leaked. Information such as passwords, transactions or financial balances in transactional accounts, for example, are not included in the leak. Still, the situation raises many doubts and concerns.

In the worst case, for example, this data can end up in the hands of fraudsters and from there they can make attempts to apply scams. So, see below what to do.

How to know if your Pix key has been leaked?

When communicating the information leak, the Central Bank also informed that the people who had their registration data leaked in the incident will be notified through the application or through the internet banking of their relationship institution .

So, if in the next few days the user does not receive any communication, it means that his data is not included among the leaks.

But it is also important to pay attention to the form of communication. The BC and participating institutions will not use other forms of communication besides their apps. If the customer receives an SMS, a call or contact through messaging apps, he should ignore it as it could be a scam attempt.

My data leaked: what to do?

If, on the other hand, the user receives the communication from the official source, the first step is to understand that the leaked information is from cadastral nature, so they do not allow the movement of resources, not even access to accounts, and other financial information.

Still, Pix users can and should be on the lookout, and if they notice any strange situation or the use of any personal information, they can report it to their bank and/or the police.

See some of precautions that can be taken:

Always be suspicious of SMS or in-app messages sent by unknown numbers and never click on links sent by such numbers;

Pay extra attention when receiving calls from people impersonating banks and never provide personal information, codes received via SMS or bank passwords;

Beware of fake emails and pages that try to impersonate any financial institution;

Never use passwords that are easy to guess.

In addition, according to lawyer Nagib Barakat, a specialist in digital law, in a situation of data leakage like this, clients can even demand compensation in court for the data leakage. However, it is more common for the justice to give reason to victims who suffered more serious consequences from these leaks.

“As long as you have suffered any damage resulting from that leak and the bank has not taken the necessary precautions in accordance with the Central Bank’s security policy, nor is it in accordance with the LGPD, you have the possibility to seek compensation”, explains Barakat . “But always tied to the extent of damage you’ve suffered.”

BC has been trying to increase the security of the PIX

Recently, the Central Bank announced that it was taking measures to increase the security of the Pix amidst the occurrence of crimes, including lightning kidnappings.

Among these measures, some have already been announced. At the end of 2021, the BC established, for example, a limit of BRL 1,000 for transactions between individuals from 8pm to 6am. It also allowed the institution that holds the account of the individual recipient user to carry out a preventive block of funds for up to 72 hours in cases of suspected fraud.

Still, this was the second major data breach in a few months. In October 2021, data from 395,000 Pix keys were leaked after problems registered in the system of the Bank of the State of Sergipe, the Banese.