Pix data leaks will occur frequently, says BC president


The president of the Central Bank, Roberto Campos Neto, said this Friday (11) that data leaks from Pix, an instant payment system, will happen with “some frequency”.

The statement was made during an event held by Esfera Brasil on monetary policy. “As we understand that this world of data is going to grow exponentially, leaks are going to happen with some frequency,” he said.

On February 3, the BC reported the leak of 2,112 Pix keys from customers of the payment institution Logbank, which took place between January 24 and 25. This was the third incident since the system was launched in November 2020.

Previously, around 160,100 customers of Acesso Soluções de Pagamento had Pix key data leaked between December 3 and 5, 2021. The first such leak occurred on August 24, 2021, reaching 414,526 Pix keys linked to Banese (Bank of the State of Sergipe).

Campos Neto explained that incidents of this type tend to be more common with the growth of the service, but assured that the BC will act with transparency in all situations, even if with less impact.

The BC president minimized the leakage of user data, arguing that CPF and mobile number are already information available for consultation on other platforms.

“It’s important to understand that data leaks from Pix are not relevant in the sense that they are data that are not that sensitive,” he said.

Luca Belli, professor at FGV Direito Rio and coordinator of the Center for Technology and Society at FGV, disagrees with the distinction between sensitive and non-sensitive data. “There is no such thing as an offensive or harmless data leak. The LGPD (General Data Protection Law) does not make this distinction. Security measures must be applied to any databases”, he told the leaf.

He cites article 46 of the law, which determines that data processing agents must adopt security, technical and administrative measures to protect personal information. “Any entity that processes and processes data in Brazil needs to adopt these measures. They have an obligation. You can’t just say that ‘happens,'” he explains.

In relation to the most recent leak, the BC said last week that sensitive data, such as passwords, information on transactions or financial balances in accounts or other information under bank secrecy, were not exposed.

“Despite the low amount of data involved, the BC always adopts the principle of transparency in this type of occurrence,” he said in a statement at the time.

Belli points out that the BC has the necessary resources to implement high-level security measures, and that the entity has an obligation to assess the risks and put in place the necessary measures to ensure that leaks do not occur.

“We’re not talking about trivial data, we’re talking about data from one of the largest regulatory bodies in the country, with the most skilled employees,” he said.

Currently, Pix has 120 million registered users, including individuals and companies.

In December 2021, with the payment of the second installment of the 13th salary, the number of transactions in one day with the instant payment system hit a record, with 51.9 million transactions in 24 hours.

You May Also Like

Recommended for you

Immediate Peak