Brazil: Central Bank and Banese confirm data leakage of 395,097 PIX payment keys
The Central Bank of Brazil ('BACEN') and the Bank of the State of Sergipe S.A. ('Banese') confirmed, on 30 September 2021, a data leakage of electronic payment keys ('PIX') by Banese. In particular, Banese reported that it had detected that 395,097 clients' personal electronic payment keys were leaked. Initially, Banese noted that the event did not affect the confidentiality of passwords, transaction history, and other financial information of its customers. However, the Banese also stated that the data, such as names, social security numbers, names of the bank where the key is registered, bank branches, bank account numbers, and other technical data used for anti-fraud control purposes, was leaked. In addition, the Banese confirmed that sensitive data, such as passwords, transaction information, and balances were not affected.
Furthermore, the Banese informed that it had been working with the BACEN in the investigation and communication of the facts, and had adopted containment actions and technical measures, such as the revocation of access to the accounts used and the implementation of security mechanisms to prevent similar cases. Lastly, pursuant to applicable legislation, the Banese communicated the incident to the Brazilian data protection authority ('ANPD').