Access Soluções de Pagamento announced this Friday (21) that it has adopted the necessary measures to ensure the security of the information held by the company, after the BC earlier disclosed a data leak that affected 160,147 Pix keys “under the custody and responsibility of ” of the payment institution.
According to the BC, the incident occurred due to “sporadic failures in systems” at Acesso. The company informed, in a note, that it identified improper queries to data related to Pix keys from its platform in the Directory of Transactional Account Identifiers (DICT), a database that stores the information of users receiving Pix and their respective accounts.
“Users affected by the data leak will be communicated directly by the institutions where the PIX key is registered. We reinforce that we have taken, in a timely manner, all the necessary measures to guarantee the security of the information held by the Company and our commitment to keeping the market and our partners informed”, said Access, in a note.
The company also reinforced that the information exposed is of a registration nature, which does not allow the movement of resources, access to accounts or any other financial information.
According to the company, no sensitive data such as passwords, transaction information, financial balances in transactional accounts or any other information under bank secrecy was leaked, as the BC had already informed.
The monetary authority informed that it has adopted the necessary actions for a detailed investigation of the case and said that it will apply sanctioning measures provided for in the current regulation.
According to the BC, the institution is subject to a fine for failing to comply with the provisions of the Pix Regulation and may also be fined by the law that establishes the administrative sanctioning process in the municipality. This last rule also provides for disqualification to act as an administrator and to hold a position in a body provided for in the statute or articles of association.
Asked about improvements in the legislation to prevent new incidents, the BC replied that it carries out a series of actions to verify the adherence of the participants’ performance to the Pix Regulation.
“Regarding the controls established by the BCB, in addition to monitoring Pix key queries, there are mechanisms to prevent read attacks, based on limiting unsettled or invalid queries, and limiting requests to the DICT API,” he said. the autarchy.
This is the second episode of data leakage linked to Pix keys. On August 24, 2021, a similar problem occurred at Banco do Estado de Sergipe (Banese), with exposure of data linked to 414,526 keys.
At the time, Banese published a notice to the market clarifying what had happened. According to the financial institution, the technical area detected undue queries to data related to 395 thousand Pix keys, exclusively of the telephone type, from non-customers of the bank. Access was made from two bank accounts of Banese customers, probably stolen through “phishing”, that is, with malicious links. These accounts have been cancelled.
Reference: CNN Brasil
I am Sophia william, author of World Stock Market. I have a degree in journalism from the University of Missouri and I have worked as a reporter for several news websites. I have a passion for writing and informing people about the latest news and events happening in the world. I strive to be accurate and unbiased in my reporting, and I hope to provide readers with valuable information that they can use to make informed decisions.
