Brazil’s financial sector is on high alert after a targeted cyberattack struck C&M Software, a leading technology provider for smaller financial institutions. The breach, which occurred earlier this week, led to unauthorized attempts to access interbank reserve accounts, prompting swift intervention by the Central Bank of Brazil.
C&M Software, which supplies digital infrastructure to over two dozen financial firms without their own direct connectivity, confirmed it was a direct victim of cyber intrusion. Company officials said attackers attempted to exploit client credentials to infiltrate secure systems.
“We’ve contained the situation. No core systems were compromised, and all security protocols were activated immediately,” said Kamal Zogheib, Commercial Director at C&M. He added that the firm is fully cooperating with federal investigators and state police in São Paulo.
The Central Bank issued an urgent directive, suspending financial institutions’ access to C&M’s infrastructure to prevent further risk. It emphasized that the attack did not compromise the broader banking system.
Among the affected institutions was BMP, which confirmed unauthorized access to its reserve account held directly with the central bank. However, BMP assured the public that no customer funds were impacted, as these accounts are used strictly for interbank settlements. The firm stated it has adequate collateral to cover the incident and is pursuing legal and operational responses.
Sources familiar with the matter said the amounts involved were relatively small, and no losses were reported by individual clients.
This breach raises concerns about the cyber readiness of financial technology service providers, especially as Brazil experiences a surge in digital banking and payments adoption. Systems like Pix, the instant payment network launched by the Central Bank in 2020, have become vital to daily commerce across the country.
Cybersecurity experts say attackers are increasingly targeting backend providers like C&M that serve as gateways to multiple institutions.
With investigations underway and systems under review, the Central Bank reiterated its commitment to enhancing digital security standards across all levels of Brazil’s financial infrastructure.
