Brazil’s central bank has confirmed a cybersecurity incident involving C&M Software, a key technology services provider that supports financial institutions lacking direct connectivity infrastructure. The cyberattack prompted the central bank to immediately order the suspension of these institutions’ access to C&M’s infrastructure.
C&M Software, through its commercial director Kamal Zogheib, disclosed that it was directly targeted by the attackers, who attempted to fraudulently use client credentials to breach its systems. Despite the breach attempt, C&M assured that its core systems remain intact and fully operational. The company has activated all relevant security protocols and is cooperating with the central bank and the São Paulo state police in the ongoing investigation.
One of the impacted financial institutions, BMP, revealed that it, along with five others, experienced unauthorized access to reserve accounts used solely for interbank settlements at the central bank. BMP emphasized that no customer accounts or internal balances were affected, and it has adequate collateral to cover the impacted amount, ensuring no disruption to its operations.
Around two dozen smaller financial entities rely on C&M’s services, Reuters news report said. They also noted that while the attack was serious, the financial exposure does not amount to billions of reais and no client losses have been reported.
C&M Software Claims to serve 350+ financial institutions globally. It holds a strong market position in credit/risk analysis and Pix integrations, covering roughly 60 percent of Brazilian fintechs and 90 percent of new digital account setups, ChicagoBusiness reports.
C&M Software is deeply embedded in Brazil’s digital finance landscape. Its clients include small and mid‑size fintechs, BaaS platforms (like BMP), national brokerage firms, and a large cohort of Open Finance participants. The company’s platforms — such as Pix integration, RCK888, and Crystal — support critical payment infrastructure, risk analysis, and real-time settlement services for hundreds of financial entities both domestically and internationally.
The incident underscores growing cybersecurity concerns in Brazil’s fast-evolving digital finance landscape, where innovations like the central bank’s Pix instant payment system have rapidly accelerated the adoption of online financial services.
InfotechLead.com News Desk
