The system were disconnected from the system, Soffy and Nuoro Pay; BC investigates whether the three companies are related to attack, which diverted accounts of accounts that banks maintain as a reserve in the monetary authority
O It has cautiously suspected of the PIX three financial institutions suspected of having received funds diverted in the cyber attack against the C&M Software Technology Services provider. They were disconnected from the system transferred it, Soffy and Nuoro Pay. The BC will find out whether the three companies are related to the attack, which diverted accounts that banks maintain as a reserve in the monetary authority. The Brazil Communication Company (EBC) confirmed that at least R $ 400 million was diverted.
With a maximum duration of 60 days, the suspension is provided for in Article 95-A of Central Bank Resolution 30 of October 2020, which regulated the Pix. By the resolution, the BC may “suspend cautiously, at any time, participation in the participant’s Pix whose conduct is endangering the regular operation of the payment arrangement”. Central -authorized closed capital company, Transfera confirmed that Pix’s functionality was suspended. However, the company, which operates in the financial management of companies, stressed that the other services offered continue to function normally.
“Our institution, nor our clients, were affected by the incident reported at the beginning of the week and we are collaborating with the authorities to release the instant payment functionality,” the company said in a statement. The other two suspended PIX institutions are the fintechs (digital financial companies) Soffy and Nuoro Pay. Companies are not authorized by the BC to be part of PIX, but participate in the instant transfers system in partnerships with other financial institutions. Neither of the two companies spoke up to the closure of the report.
Justification
According to the Central Bank, the suspension of the institutions of the It aims to protect the integrity of the payment system and ensure the safety of the arrangement, until investigations into the diversion of financial system resources are completed.
Understand the attack
On Tuesday night, a cyber attack on C&M Software systems, which provides technological services to financial institutions, resulted in embezzlement of reserve accounts that banks maintain in the BC to meet legal requirements. The money was transferred by Pix and converted into cryptocurrencies. Although it does not operate financial transactions, C&M connects several financial institutions to the Brazilian Payment System (SPB), operated by the Central Bank. On Thursday (3), the BC authorized the target company of the attack to resume PIX operations.
The Federal Police, the São Paulo Civil Police and the Central Bank investigate the case. In a statement on the company’s website, C&M reported that no customer data was leaked. This Friday (3), the São Paulo Civil Police arrested a C&M employee who received $ 15,000 to give criminals access to the company’s systems. The suspect confessed to having provided access password $ 5,000 and received another $ 10,000 to create a hacker access system.
*With information from Agência Brasil
