Overview
- The exposure involved cadastral data such as names, CPFs, bank and branch details, account numbers and types, account opening dates, and Pix key creation or possession dates.
- Banco Central said passwords, balances, and transaction histories were not exposed and no account access was possible.
- The records were visible to third parties from August 30, 2025 to February 27, 2026 due to localized system failures at the fintech.
- Affected customers will receive notices only inside their institution’s app or internet banking, and should ignore calls, texts, emails, or messaging solicitations.
- The case is the third Pix-related incident disclosed in 2026 and the 23rd since the system launched, with sanctions possible following the investigation.