BC reports that a leak in the CNJ system affected 47 million Pix keys

The Central Bank clarified this Thursday (24) that the security incident in the system operated by the National Council of Justice (CNJ) affected the registration data of 46.9 million Pix keys belonging to 11 million people. The difference occurs because each individual can have up to five keys registered in each account.

The unauthorized accesses occurred in the Judiciary's Asset Search System (Sisbajud), operated by the National Council of Justice (CNJ), on July 20 and 21. Sisbajud allows the Judiciary to request information and freeze funds in debtors' bank accounts and financial investments. The electronic tool facilitates compliance with court orders.

According to the BC and the CNJ, the exposed registration information was: user name; Individual Taxpayer Registry (CPF); relationship institution; branch; account number and type; Pix key; Pix key status; Pix key creation date; and Pix key deletion date.

The National Council of Justice (CNJ) stated that it intends to provide an exclusive tool so that Pix users can check whether they have been affected by the data exposure. The agency emphasized that it will not contact victims via text message, SMS, email, or phone calls, reported Agência Brasil .

The action was communicated to the public on Wednesday night (23). In a note, the CNJ reported that the improper access occurred through the criminal capture of user credentials.

"There was no access to balances, passwords, statements, or any information protected by banking secrecy. The exposed data does not allow for financial transactions or transfers, nor access to bank accounts. There was no compromise to the integrity of the banking system," the council emphasized.