Caixa Econômica Federal had data exposed from 644 PIX keys, according to a statement from the Central Bank issued this Friday (8). The exhibition took place between the 24th and 25th of September with information that the institution says is not confidential, fiscal or patrimonial.
According to the monetary authority, data such as user name, CPF, agency and information relating to the creation of the PIX key by the account holder, among others, were exposed.
In a note, Caixa responded that customers were notified and the situation was quickly corrected. “The bank reaffirms its commitment to the security and privacy of its customers’ data and highlights that it continually improves the security criteria in its channels, products and services”, he pointed out.
SEE ALSO:
-
Without agreement, spending cut announcement is postponed once again
The Central Bank reported that this is the 16th record of data exposure from the PIX system since its launch in November 2020. According to the authority, the failure occurred due to specific problems in the institution’s systems.
The monetary authority highlighted that the exposed data did not include information protected by banking secrecy, such as balances, passwords or statements. In other words, customers’ financial transactions were not affected.
Although the potential impact of the incident is considered low, the BC decided to disclose what happened “in the name of its commitment to transparency”. Data exposure means that the information was temporarily visible to third parties and, although there is no confirmation of an actual leak, there is the possibility that it was accessed.
The Central Bank also informed that affected customers will be notified exclusively through official channels, such as the application and internet banking. And he warned users to disregard any contact attempts by phone, SMS, emails or application messages that may try to impersonate the institution, as these are not authorized means for this communication.
The Central Bank also stated that it is investigating the incident and may impose sanctions on the institution, in accordance with current legislation. Depending on the severity, penalties may include fines, suspension or even exclusion of Caixa from the PIX system.
As determined by the General Data Protection Law (LGPD), the BC maintains a page () for citizens to monitor incidents related to Pix keys or other personal data under its management.