Unauthorized access to Sinqia's Pix environment leads to attempted $130M heist
Summary
Hide â˛
Show âŧ
On August 29, 2025, hackers gained unauthorized access to Sinqia S.A.'s environment on the Brazilian Central Bank's real-time payment system (Pix). They attempted to steal $130 million through unauthorized business-to-business transactions. Sinqia, a subsidiary of Evertec, detected the breach and halted transaction processing. Evertec is a major financial technology firm operating in Latin America, Puerto Rico, and the Caribbean. Sinqia, based in SÃŖo Paulo, provides financial software and IT services. The breach involved stolen credentials for an IT vendor's account. The Central Bank of Brazil revoked Sinqia's access to Pix, and recovery efforts are ongoing. The financial and reputational impact remains under investigation.
Timeline
-
03.09.2025 01:33 đ° 1 articles
Hackers attempt $130M heist through Sinqia's Pix environment
On August 29, 2025, hackers gained unauthorized access to Sinqia S.A.'s Pix environment using stolen IT vendor credentials. They attempted to steal $130 million through unauthorized transactions. Sinqia detected the breach and halted processing. The Central Bank of Brazil revoked Sinqia's access to Pix, and recovery efforts are ongoing. The breach impacted 24 financial institutions, and the full financial and reputational impact remains under investigation.
Show sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
Information Snippets
-
Sinqia S.A., a Brazilian subsidiary of Evertec, was breached on August 29, 2025.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
-
The breach targeted the Pix real-time payment system, attempting to steal $130 million.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
-
Hackers used stolen credentials for an IT vendor's account to gain access.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
-
Sinqia halted transaction processing and engaged cybersecurity forensics experts.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
-
Part of the $130 million has been recovered, but the total amount is unspecified.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
-
The Central Bank of Brazil revoked Sinqia's access to Pix pending restoration.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
-
The breach impacted 24 financial institutions using Sinqia's Pix environment.
First reported: 03.09.2025 01:33đ° 1 source, 1 articleShow sources
- Hackers breach fintech firm in attempted $130M bank heist â www.bleepingcomputer.com â 03.09.2025 01:33
Similar Happenings
Allianz Life data breach affects 1.1 million customers via Salesforce compromise
Allianz Life, a U.S. insurance subsidiary of Allianz SE, experienced a data breach in July 2025. Hackers accessed a third-party cloud CRM system, stealing personal information of 1.1 million customers. The breach involved a malicious OAuth app linked to Salesforce instances, leading to the exfiltration of sensitive data. The extortion group ShinyHunters, tracked as UNC6040, claimed responsibility and leaked the stolen data. The breach is part of a broader campaign targeting multiple high-profile companies, including Google, Adidas, Workday, Qantas, Pandora, and Workiva. Allianz Life confirmed the breach but declined to provide additional details due to an ongoing investigation. Qantas Group executives reduced their short-term compensation by 15% due to the impact of the cyberattack on customers, which affected approximately 5.7 million passengers.