Registration data were exposed from February 23 to March 6; According to the monetary authority, the incident was caused “for punctual failures”
The (Central Bank) reported this Monday (17.mar.2025) the leakage of registration data linked to 25,349 Chaves Pix from Qi Direct Credit Society SA (Qi SCD). This is the statement (PDF – 36 kb).
The shared information is: username, CPF with mask, relationship institution, agency, number and type of account. It is not possible to access passwords or more sensitive information.
According to the BC, there was vulnerability in the System of the Qi Direct Credit Society SA from February 23 to March 6. Click to access all leaks already registered by the monetary authority.
The Central Bank said there were flaws “punctual”In systems of the institution. He stated that it is not possible to access information of movements or financial balances in transactional accounts, or any other information under bank secrecy.
“The information obtained is of a registration nature, which does not allow movement of resources, nor access to accounts or other financial information”Said the BC.
Those harmed with leaks will be notified exclusively through the application or by the financial institution’s internet banking. “Neither the BC nor the participating institutions will use any other media for affected users, such as messaging applications, telephone calls, SMS or email”said the BC.
The monetary authority also said that the necessary actions were adopted for the detailed calculation of the case and the sanctioning measures provided for in the current regulation will be applied.
