Brazilian Financial Services Under Attack 

Uploaded on 2025-07-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Brazil’s central bank has disclosed that the technology services firm C&M Software, a key infrastructure provider for financial institutions, was hit by a recent cyber attack. While this exploit prompted immediate regulatory intervention, it has raised concerns across the country’s digital banking sector.

In response to the incident, the central bank instructed C&M Software to suspend access for financial institutions to the infrastructure it manages. 

While the bank did not detail the nature or scale of the breach, it confirmed that it is closely monitoring the situation.
Kamal Zogheib, a senior commercial director of C&M Software, said the company was directly targeted in the attack, and that hackers used fraudulent client credentials in an attempt to get inside its systems and services. He emphasised that the company’s critical infrastructure remained unaffected and fully operational. Zogheib also said that C&M had enacted all required security protocols and is collaborating with both the central bank and São Paulo state police in the ongoing investigation.

One of the affected institutions, Banco Modal Partners (BMP), confirmed to Reuters that it, along with five other financial entities, experienced unauthorized access to their reserve accounts maintained at the central bank.  

These accounts are used exclusively for interbank settlements, and BMP assured that client accounts and internal balances were not compromised. The bank added that it has undertaken all necessary legal and operational steps to address the situation and holds sufficient collateral to cover the impacted funds without disrupting its business operations.

A government official familiar with the matter, speaking on condition of anonymity, said C&M Software provides services to approximately two dozen smaller financial institutions. The official noted that the financial impact of the breach is not expected to be major. Another source added that no client losses have been reported.

The affected financial institutions are part of a growing segment of Brazil’s banking ecosystem, digital payment institutions that operate without their own direct connectivity to central banking systems. 

These entities have expanded rapidly in recent years, fueled by the success of the central bank’s Pix system, an instant payment platform launched in 2020 that has quickly become the most widely used payment method in the country.

teiss  |  Reuters  |  CentarlBanking  |   SCWorld  |   AIInvest   |  Insurance Journal

Image: Ideogram

You Might Also Read: 

Cyber Threats Escalate Against The Finance Sector:

If you like this website and use the comprehensive 7,000+ service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible





 

« Why Smarter Data Protection Is Now A Business Essential
How Industrial Beacons Enhance Automated Emergency Systems »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Grid32

Grid32

Grid32 provides independent computer system and physical security audit services to government and corporate clients of all sizes.

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

National Cyber Security Centre (NCSC) - Ireland

National Cyber Security Centre (NCSC) - Ireland

The National Cyber Security Centre (NCSC) is the operational side of the Department of Communications in regard to network and information security in the Republic of Ireland.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

Bolt Learning

Bolt Learning

Bolt's Cyber Security eLearning module provides users with an in-depth understanding of cybercrime, how it can occur and what everyone can contribute to preventing it.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

GuardDog.ai

GuardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.