Failures in the Banese (Sergipe State Bank) system led to the leakage of 395,009 Pix keys from people who are not the institution's clients, the Central Bank and Banese reported.
These are all phone numbers obtained from the accounts of two account holders probably for "phishing."
In this type of scheme, the user is tricked into voluntarily giving up their information and passwords.
According to the Central Bank, sensitive data such as "passwords, information on transactions or account balances , or any others under bank secrecy" were not exposed.
According to the monetary authority, people who had their data leaked will be notified exclusively through their bank's application.
The Central Bank has recently implemented measures to reduce the systems' vulnerability to fraud and other crimes.
Transactions on digital channels with Pix and TED (Electronic Transfer Available) between individuals at night will be limited to R$1,000 as of Monday, October 4th. The measure will also apply to debit cards when used for transfers with WhatsApp Pay.
Translated by Kiratiana Freelon