Hackers Hit Brazilian Payments Giant in $130M Heist
Hackers launched a large-scale attempt to steal funds from the Brazilian company Sinqia S.A., a provider of financial IT services. The incident occurred on August 29 and targeted the infrastructure of Pix, Brazil’s instant payment system operated by the Central Bank. According to a report filed by Evertec with the SEC, the attackers gained access to Sinqia’s environment and attempted to initiate unauthorized transfers amounting to nearly $130 million.
Since its launch in 2020, Pix has become the nation’s primary payment platform, enabling round-the-clock transfers and adopted by the overwhelming majority of citizens. Its ubiquity has made it a prime target for attackers, particularly through malware designed for Android devices. In Sinqia’s case, the perpetrators sought to execute interbank transactions on behalf of two of the company’s clients. Brazilian media suggested that HSBC may have been among the banks involved, though the institution clarified that customer funds and data remained unaffected.
Upon discovering the breach, Sinqia halted Pix operations and engaged external digital forensics experts. Investigators determined that the attack hinged on compromised credentials belonging to a contractor with system access. Evertec emphasized that no evidence of personal data leakage was found and that the incident was confined to Pix’s infrastructure. The Central Bank temporarily suspended Sinqia’s access to Pix, while the company prepares documentation to restore connectivity.
Evertec further reported that part of the stolen amount has already been recovered, though the exact figure was not disclosed, and efforts to retrieve the remainder are ongoing. A total of 24 financial institutions in Brazil rely on Pix via Sinqia, a fact that makes the breach particularly sensitive. The company acknowledged that the consequences for its reputation and internal controls may prove significant, though the full scope has yet to be determined.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
