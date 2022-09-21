Estimated reading time: 3 minutes

Last Friday (16), the Central Bank reported that around 137,300 Pix keys from customers of Abastece Ai Clube Automobilista Payment Ltda. had leaked data. Thus, this is the fourth data leak that has taken place since the functionality was launched in November 2020.

According to the Central Bank, as a customer can have more than one Pix key, the total number of people (individuals and legal entities) affected by the leak were 137,122. For each individual can have a maximum of five keys for each account and each legal entity can have up to 20.

Leak

Also according to the Central Bank, the leak happened in registration data and did not impact the movement of money. Therefore, data protected by bank secrecy, such as balances, passwords and statements, were not leaked.

The incident took place between July 1 and September 14 and leaked the following data:

Username;

Individual Taxpayer Registration (CPF);

Relationship institution;

Agency;

Account number and type;

Pix key creation date.

Warning

In this way, all those who had information exposed are being notified through the Abastece app or the institution’s internet banking.

Thus, the Central Bank highlighted that these will be the only means of warning for the exposure of Pix keys. Therefore, customers should disregard communications such as phone calls, SMS and notices via messaging apps and via email.

Exposing data means that it was visible to third parties for some time and could have been captured. According to the Central Bank, the case will be investigated. In addition, sanctions may be applied, such as a fine, suspension or even the exclusion of Abastece Aí from the Pix system.

What does Abastece-ai say?

In a note sent to Agência Brasil, Abastece-ai reported that “due to the security incident, of which it was a victim, it has already blocked suspicious activities”.

In addition, the company highlighted that passwords, transaction information, financial balances or any other information under bank secrecy were not exposed.

“Potential information improperly accessed from Pix is ​​registration data, not allowing the movement of resources, nor access to accounts or other financial information. The company reinforces that all measures applicable to this investigation are already being taken”, he said in the note.

Image: Diego Thomazini/shutterstock.com