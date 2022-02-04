The Central Bank reported this Thursday (3) that there was a leak of data of “registration nature” related to the PIX of customers of the financial institution Logbank Soluções em Pagamentos S/A.

According to the BC, registration data linked to 2,112 PIX keys, containing the user’s name, CPF, relationship institution and account number, were leaked.

This was the third leak of information related to PIX, the Central Bank’s real-time resource transfer system.

In January 2022, the BC reported that there was a leak of data of a “cadastral nature” related to the PIX of customers of the financial institution Acesso Soluções de Pagamento.

In September 2021, the institution reported the leak of PIX keys that were under the custody and responsibility of the Bank of the State of Sergipe (Banese).

Pix Leak: BC finds data from 160,000 customers exposed without authorization

“Despite the low amount of data involved, the BC always adopts the principle of transparency in this type of occurrence. As in previous cases, sensitive data was not exposed, the ANPD [Autoridade Nacional de Proteção de Dados] has been notified and affected people will be notified,” the institution said.

The BC also informed that people who had their registration data obtained from the incident will be notified “exclusively through the application of their relationship institution”.

“Neither the BC nor the participating institutions will use any other means of communication to affected users, such as messaging apps, phone calls, SMS or email,” he added.

According to the Central Bank, PIX keys are used to receive funds, that is, it is an easy identification of the data of the relationship institution, branch, account and type of account.

“This means that even in possession of this information, it is not possible to access the balance or account entries or make payments or transfers,” he added.

The institution admitted, however, that the exposure of the information “can be used to apply social engineering scams, such as, for example, the scammer trying to persuade the victim that he is a bank employee to try to obtain the user’s password credentials “.

It therefore recommended that exposed data subjects remain alert and take the following precautions regardless of incidents.