Cybercriminals Target Fintech Company in Failed $130 Million Bank Heist

Hackers attempted to steal $130 million from Evertec’s Brazilian subsidiary, Sinqia S.A., after gaining unauthorised access to its environment within the Brazilian Central Bank’s real-time payment system, known as Pix. Evertec, a prominent public financial technology giant, operates as a full-service transaction processor across Latin America, Puerto Rico, and the Caribbean. In a filing to the U.S. Securities and Exchange Commission (SEC), Evertec disclosed that the breach occurred on August 29, 2025, when Sinqia identified unauthorised activity in its Pix environment. Following the detection of the incident, Sinqia promptly halted transaction processing and engaged external cybersecurity forensics experts to investigate the breach. The hackers attempted to execute unauthorised business-to-business transactions involving two of Sinqia’s financial institution clients, with local media implicating HSBC bank, which confirmed that customer funds and data remained unaffected.

The investigation revealed that the hackers accessed Sinqia’s Pix environment using stolen credentials from an IT vendor’s account. Evertec reported that part of the $130 million has been recovered, although the exact amount remains undisclosed, and recovery efforts are ongoing. Currently, Sinqia’s access to Pix has been revoked by the Central Bank of Brazil, but the company is working diligently to restore access by providing necessary details and assurances to the authorities. The financial and reputational impact of the incident, including potential effects on the company’s internal controls, is still unknown and could be significant. Notably, a recent report indicated that 46% of environments had passwords cracked, nearly doubling from 25% the previous year. 

Categories: Cybersecurity Incident, Financial Technology, Payment Systems 

Tags: Hackers, Evertec, Sinqia, Central Bank, Pix, Cybersecurity, Transactions, Financial Institutions, Unauthorized Access, Incident Response