The Central Bank of Brazil has reported a security incident involving personal data linked to Pix keys held and managed by Pefisa S.A. - Crédito, Financiamento e Investimento, caused by isolated failures in the institution’s systems. Only registration data were accessed, and no sensitive information such as passwords, transaction details, account balances, or other bank secrecy-protected data were exposed. Customers whose registration data were obtained will be notified exclusively through their bank’s mobile app or internet banking, and neither the central bank nor Pix participants will use messaging apps, phone calls, SMS, or email. A detailed investigation is under way and sanctions under existing regulation will be applied; the central bank also noted it disclosed the incident despite no legal requirement, citing the event’s low potential impact, and it maintains a dedicated webpage to record similar security incidents.
Central Bank of Brazil 2026-03-20
Central Bank of Brazil reports security incident exposing Pix key registration data held by Pefisa
The Central Bank of Brazil reported a security incident involving personal data linked to Pix keys managed by Pefisa S.A., due to isolated system failures. Only registration data were accessed, with no exposure of sensitive information. A detailed investigation is ongoing, and sanctions will be applied under existing regulations.