Police in Brazil arrest a suspect over $100M banking hack
SAO PAULO (AP) — Police in Brazil arrested a suspect in connection with a cyberattack that diverted more than 540 million Brazilian reais (about $100 million) from the country’s banking systems, authorities said Friday.
The breach affected Brazil’s widely used instant payment system, known as PIX, which is used by 76.4% of the population. Hackers targeted C&M, a software company that connects financial institutions to the Central Bank to enable PIX transactions.
Police in Sao Paulo said the $100 million loss refers to just one financial institution that worked with C&M and total losses could be even higher.
Officials identified the suspect as João Roque, a C&M employee who worked in information technology and allegedly helped others gain unauthorized access to PIX systems.
According to police, Roque told investigators he sold his credentials to hackers who recruited him earlier this year. The Associated Press could not immediately reach his lawyers.
After breaching the company’s system, hackers carried out massive fake PIX operations. The fraud took place in a single night and did not affect clients — only financial institutions contracted with C&M.
Police are now trying to identify other members of the group and said at least four more people participated in the cyberattack. They are also tracking and attempting to freeze suspected assets. So far, authorities have blocked 270 million reais linked to the scheme.
Brazil’s Central Bank said Thursday that it suspended part of C&M’s operations after the company took measures to reduce the risk of further attacks.
C&M said in a statement published by local media that it is cooperating with authorities and that preliminary evidence indicates the breach stemmed from unauthorized access to security credentials through social engineering, not from flaws in its systems.
___
Follow AP’s coverage of Latin America and the Caribbean at https://apnews.com/hub/latin-america