This month might barely have began any worse for some monetary establishments in Brazil.
On 30 June 2025, C&M Software program, a Brazilian firm that gives a “bridge” serving to the nation’s central financial institution connect with native banks, revealed that it had been hacked.
800 Brazilian reals (roughly US $140 million) was stolen from the reserve accounts of six monetary establishments on account of the safety breach.
Within the wake of the assault, which made huge information headlines in Brazil, the nation’s Banco Central suspended entry to C&M Software program’s platform for all native banks and establishments whereas it investigated what had gone unsuitable, and to include the injury.
Then, on Friday 4 July, the information desk of São Paulo’s TV Globo reported that the town’s police had arrested an worker of C&M Software program.
48-year-old IT employee João Roque, who labored on backend methods at C&M Software program, is alleged to have assisted hackers by promoting them login credentials for roughly US $2,700 – granting them unauthorised entry to delicate crucial methods.
Based on police, Roque created the mechanism for the hackers to divert funds. Based on TV Globo Roque claims to have solely communicated with the cybercriminals by way of cellphone, and didn’t identified personally. He’s stated to have modified his cell phone each 15 days in an try – clearly futile – to keep away from being tracked.
In a police assertion, Roque reportedly claimed that he had first been approached in March by cybercriminals as he was leaving a São Paulo bar. He claims that later he obtained directions by way of WhatsApp, and obtained funds for his companies by way of a motorbike courier.
The cash in the end stolen by the hackers was from reserve accounts, utilized by monetary establishments to change funds between themselves, moderately than these belonging to clients – which means that members of the general public shouldn’t be immediately impacted by the assault.
Additional investigations into the assault are ongoing. Brazilian authorities have since frozen US $50 million linked to the incident, and C&M Software program says that it’s co-operating with the investigation and that it has now introduced its platform again on-line.
Assaults like this strongly underline the significance of not simply contemplating your organisation’s safety, but additionally the safety of your suppliers and the dangers that their workers would possibly pose.
