Banco Pan suffers hacker attack and customer data is leaked

by

Banco Pan suffered this Thursday (14) an attack by criminals that resulted in the leakage of registration data of customers who have the institution’s credit cards. Access to information occurred due to a failure in a company that provides technology services for the bank’s call center, which is outsourced.

Names, telephone numbers, CPF and addresses are among the affected information. Cybercriminals also accessed the outstanding balance and available limit of cards.

As for the specific identification data of credit cards, only masked numbers were accessed. That means they didn’t have access to the full card numbering or security code. There was also no access to passwords.

Without complete information, fraudsters would not be able, for example, to make withdrawals or purchases on behalf of victims.

Banco Pan told the Sheet that there was no financial loss to customers, as essential information for using the cards was not accessed.

There are 13 million credit cards in Banco Pan’s customer base. There is no information so far about the exact number of victims of the leak.

Initial findings from the ongoing police investigation show that a small portion of customers had their data exposed, said a person familiar with the case.

Only Banco Pan’s credit card segment was the target of the attack. Other services were not affected. Among the products offered by the institution are digital accounts, means of payment (card machines), financing and loans.

Customers who have Banco Pan credit cards can ask questions through the SAC (Customer Service), which is open 24 hours a day by calling 0800 776 8000.

Since 2011, Banco Pan belongs to BTG Pactual, which purchased all the shares held by Grupo Silvio Santos.

There is no relationship between Banco Pan’s leaked card databases and BTG’s customer information.

In a note released this Friday afternoon (15), Banco Pan informed that it had notified the company responsible for the failure for the immediate correction of the problem and that it had hired a consultancy for a complete analysis of the situation. The note reinforces that there was no financial loss to customers. See the bank statement:

We recently detected a weakness in the platform of a technology provider, used in the Customer Service Center in the card segment.

We activate our security protocols, notify the software company for immediate correction of the
vulnerability and contracted independent expert consultancy for a complete analysis.

According to the investigation in progress, it was already possible to verify that there was no current account compromise, system unavailability, or invasion of the Bank’s infrastructure, having been confirmed, however, that the exploitation of the vulnerability allowed the unauthorized copying of data records, available limit and debit balance, without having exposed complete card data, passwords or any data that incurs a direct financial risk for the customer and the bank.

We reinforce that information security is our priority and all relevant authorities have been notified.

You May Also Like

Recommended for you