Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A.after gaining unauthorized entry to its surroundings on the central financial institution’s real-time cost system (Pix).
Evertec is a public monetary know-how large that stands as a serious full-service transaction processor in Latin America, Puerto Rico, and the Caribbean.
Sinqia, acquired by Evertec in 2023, is a SĂŁo Paulo-based public firm working in monetary software program and IT companies for the banking and monetary trade.
Evertec disclosed in a submitting to the U.S. Securities and Trade Fee (SEC) that hackers breached Sinqia’s programs on August 29 and tried to conduct unauthorized transactions.
“On August 29, 2025, Sinqia S.A., a Brazilian subsidiary of EVERTEC, Inc., recognized unauthorized exercise in its surroundings of the Brazilian Central Financial institution real-time cost system often called Pix,” reads the SEC submitting.
“Upon detecting the incident, and in accordance with its incident response protocol, Sinqia halted transaction processing in its Pix surroundings and started working with outdoors cybersecurity forensics specialists.”
Pix is Brazil’s immediate funds system, launched by the Central Financial institution of Brazil in November 2020, permitting 24/7 immediate fund transfers.
It has grow to be essentially the most broadly used cost technique in Brazil, and is usually focused by Android banking malware.
The hackers tried to carry out unauthorized business-to-business transactions involving two monetary establishments which are prospects of Sinqia.
Native media retailers implicated the HSBC financial institution, whereas a spokesperson from the financial institution underlined that this incident has not impacted buyer funds or information.
Evertec notes that a part of the $130 million has already been recovered, with out mentioning how a lot, with restoration efforts nonetheless contining.
Investigation into the incident confirmed that the hackers gained entry to Sinqia’s Pix surroundings by utilizing stolen credentials for an IT vendor’s account.
Evertec has no indication that the impression extends past Sinqia’s Pix surroundings, and no proof that non-public information has been uncovered.
At the moment, Sinqia’s entry to Pix has been revoked by the Central Financial institution of Brazil, however the firm is working in direction of fast restoration by offering all of the required particulars and assurances to the authorities.
Relating to the monetary impression, Evertec notes that Sinqia’s Pix surroundings helps the operations of 24 monetary establishments in Brazil.
“The monetary and reputational impression of the incident, together with any impression on the Firm’s inner controls, aren’t but recognized and could possibly be materials,” notes the corporate.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
