On August 29, 2025, Sinqia, a company responsible for connecting financial institutions to the PIX system, suffered a hacker attack that resulted in the diversion of approximately BRL 710 million in unauthorized transactions. According to a report submitted by its parent company, Evertec, to the U.S. SEC, the breach exploited credentials of legitimate IT providers. The most affected institutions were HSBC, with around BRL 670 million diverted, and fintech Artta, with approximately BRL 41 million. The Central Bank stated that about 83% of the amount had been blocked.

Sinqia clarified that the PIX core infrastructure was not compromised, with the incident limited to its servers that connect to the Central Bank. In response, the Central Bank suspended the company’s connection to the Brazilian Payment System network until corrective measures are approved. The company promptly notified law enforcement and engaged external cybersecurity specialists. According to Evertec, the attack involved only B2B transactions, and part of the diverted funds has already been recovered.

*

share

LinkedInFacebookTwitterWhatsApp
*

serial content

client alert | memorandum articles

Know more about the Privacy and Data Protection content we have produced

read more

newsletter

Subscribe our newsletter and receive first-hand our informative

    For more information on how we handle your personal data, see our Privacy Policy.
    contato@camposthomaz.com
    *

    R. Funchal, 551, conjunto 51
    Vila Olímpia, São Paulo – SP
    04551-060

    11 3044-4906

    © Campos Thomaz Advogados privacy policy