BC warns of leak of Pix keys registered on Shopee
The Central Bank of Brazil (BC) announced that there was a security incident involving personal data of users linked to Pix keys, under the responsibility of the payment institution responsible for managing this information at Shopee.
As reported by the BC in a statement released on Thursday (19), the problem occurred due to specific failures in the company's systems. These failures resulted in the exposure of registration data.
The BC highlighted that, despite the incident, no sensitive information was compromised. In other words, there was no exposure of data such as passwords, financial transactions, balances in transactional accounts or any other confidential information protected by banking legislation.
According to the monetary authority, the information accessed is limited to registration data. This information, by itself, does not allow access to accounts, movement of funds or other financial transactions.
More detailed data reveals that the incident occurred between September 2 and 4, 2024. The potentially exposed data is registration data linked to 150 Pix keys. The leaked data includes user name, CPF, relationship institution, branch, account number and type.
Exposure of Pix data registered on Shopee
The Central Bank stated that affected users will receive a notification via their financial institutions' app or internet banking. The Central Bank clarified that neither it nor the institutions involved will use other means of communication, such as messaging apps, phone calls, SMS or emails, to alert users about the incident.
In line with its commitment to transparency, the Central Bank reported that it is taking all necessary measures to investigate the case. In addition, the entity stated that it will apply the sanctions provided for in the current regulations, depending on the progress of the investigation.
Although current legislation does not require public communication about this type of incident due to its low potential impact, the Central Bank chose to disclose the situation to society as part of its transparency policy.
“Although it is not required by current legislation, due to the low potential impact on users, the BC decided to communicate the event to society, in view of the commitment to transparency that governs its activities,” said the BC.
The BC also maintains a specific page on its website to record and update security incidents of this nature, reinforcing its commitment to protecting user data. Shopee has not yet officially commented on this data leak.
Shopee is a payment institution in Brazil authorized by the BC and operates under the name ShopeePay.