BC discloses data leak of more than 2 thousand PIX keys

Date: 2022-02-06

The BC disclosed the third PIX-related data leak;

According to the institution, registration data associated with 2,112 PIX keys were leaked;

The first incident took place in September 2021, while the second was in January of this year.

The Central Bank announced another PIX-related data leak last Thursday (3), making it the third case disclosed by the institution since the technology began operating.

According to the entity, registration data associated with 2,112 PIX keys were leaked, including username, CPF, relationship institution and account number.

The first incident took place in September 2021, when the BC reported the leak of PIX keys under the custody of the Bank of the State of Sergipe (Banese).

The second occurrence took place in January of this year, after the Central Bank announced the exposure of data of “registration nature” of PIX users of Acesso Soluções de Pagamento, a financial institution in São Paulo.

How do these leaks happen?

While the BC has the ‘technical responsibility’ for PIX, financial institutions are the operators and managers of customer data. Leaks occur because of vulnerabilities in these companies' data protection.

An error of this type can happen in several ways, ranging from the simplest to the most complex, such as the invasion and improper disclosure of databases, the exposure of data outside the institutions’ systems, and emails to unprepared senders.

According to Marcelo Chiavassa, professor of digital law at Universidade Presbiteriana Mackenzie Campinas, none of the leaks that took place were the responsibility of the BC; they were due to security failures in the institutions.

The academic says that, generally, leaks occur through human error. An example is when someone clicks on a link that can steal the entire database.

Is it possible to know if my data has been leaked?

Those who had their registration information exposed will be notified through the application of the institution in question.

The BC also informed that companies will not use messaging apps, phone calls, SMS or email for contact.

What are the risks?

The leaks were of PIX keys and related information. It is not possible to make transactions on accounts without access to passwords and tokens.

For Chiavassa, in isolation there are no major problems, as a criminal with a cell phone number or CPF will not be able to enter the bank account.

Still, there is a risk that someone with this information could contact the victim posing as a bank employee, or send falsified invoices.

Is it possible to protect my data?

According to Bruno Diniz, partner of the Spiralem innovation consultancy, so far there is no effective way. According to the entrepreneur, discovering this security element will be a differentiator for companies in the future, including in the banks’ marketing campaigns.

Currently, there is only the General Data Protection Law (LGPD), in force since 2020, which seeks to ensure greater security and transparency in the use of customer information by public and private companies.

The Central Bank gives tips to those who had leaked data

Always be suspicious of messages or links sent by SMS or applications;

Be extra careful with calls from people impersonating banks, and never disclose personal information when asked;

Pay attention to fake emails and pages, as these can impersonate financial institutions;

Avoid creating easy passwords.

The information is from the G1 Portal.