SAO PAULO, Brazil (BN24) — Police in Brazil have arrested a suspect accused of helping orchestrate a massive cyberattack that siphoned more than 540 million reais (about $100 million) from the country’s banking networks in one of the biggest breaches in recent years.
Authorities said the attack compromised Brazil’s widely used instant payment system, known as PIX, which is used by more than three-quarters of the population.
The suspect, whose identity was not publicly disclosed, worked in information technology at C&M, a software firm that links financial institutions to Brazil’s Central Bank to process PIX transactions. According to police in São Paulo, the employee allegedly enabled other hackers to gain unauthorized access to the system.
Investigators said they have frozen 270 million reais traced to an account involved in the fraud.
Brazil’s Central Bank announced it suspended part of C&M’s operations on Thursday, citing security concerns, after the company implemented emergency measures to prevent additional breaches.
C&M said in a statement distributed by local media outlets that it was cooperating fully with investigators. The firm said initial evidence pointed to the use of social engineering techniques to obtain access to security credentials, rather than exploitation of technical flaws in its software.
PIX has become the backbone of everyday banking in Brazil, adopted by 76.4% of Brazilians for instant transfers and payments. The unprecedented hack has renewed concerns about the vulnerability of digital financial infrastructure in Latin America’s largest economy.
