š SĆ£o Paulo, July 2025 ā Brazilian authorities have arrested JoĆ£o Nazareno Roque, an IT employee at software firm C&M, in connection with a cyberattack that siphoned over 540 million reais (approximately $100 million) from the countryās banking infrastructure. The breach targeted PIX, Brazilās instant payment system used by more than 76% of the population, and is considered one of the largest financial cybercrimes in the nationās history.
š Insider Access and Social Engineering Roque allegedly sold his system credentials to hackers for R$15,000, enabling unauthorized access to C&Mās systems. He also assisted in developing tools to execute fraudulent PIX transactions. The attack, carried out in a single night, affected at least six financial institutions, though individual clients were not impacted.
šµļø Ongoing Investigation
- Police are pursuing four additional suspects believed to be involved in the scheme
- Authorities have frozen R$270 million in assets linked to the operation
- Roque reportedly used burner phones and changed devices every 15 days to avoid detection
š¦ Regulatory Response The Central Bank of Brazil has suspended parts of C&Mās operations to prevent further breaches. C&M stated the incident stemmed from social engineering, not technical flaws, and confirmed it is cooperating with law enforcement.
š Security Implications The case highlights vulnerabilities in third-party vendor oversight and the risks posed by insider threats. Experts warn that even robust systems like PIX can be compromised through human error and inadequate access controls.
This breach has prompted calls for stricter cybersecurity protocols across Brazilās financial sector, including enhanced vetting of IT personnel and real-time monitoring of payment systems.
