Brazil’s financial sector has faced a wave of cybersecurity incidents in recent months, reflecting growing threats from ransomware groups, banking malware, and data breaches at fintech firms and traditional banks.
In 2024 and early 2025, more than 100 Brazilian organizations were targeted by ransomware, including several financial institutions. Cybercriminal groups such as Lockbit 3.0 and Quilong have been linked to multiple attacks, cyber security solutions provider Kaspersky reveals.
On dark-web forums, threat actors have been selling unauthorized access to Brazilian banking networks, including claims of access to a bank’s Active Directory data, DevOps code for PIX (Brazil’s instant payment system), and network credentials, with asking prices as high as $50,000, Cyber Press reports.
Fintechs have also come under fire. Neon, a leading digital bank, suffered a major breach that exposed data of roughly 30 million customers, including transaction histories, document images, and PIX transfers. While the company reported no immediate financial fraud, the scale of the breach drew regulatory scrutiny and posed significant reputational risks.
Similarly, XP Investimentos disclosed a data leak originating from a third-party service provider that exposed some financial information of its clients. The event raised concerns about oversight and risk management among vendors, LinkedIn reveals.
Malware specifically tailored for Brazilian banks has grown more advanced. Variants like BBTok have been used to impersonate login portals of banks such as Itau, tricking users into revealing sensitive credentials and two-factor authentication codes.
Other strains like AllaKore RAT, Coyote Trojan, and CHAVECLOAK have been widely deployed, affecting over 60 local financial institutions. These trojans often spread through phishing emails and malicious links targeting end users.
Adding to the complexity, a global outage in 2024 triggered by a faulty update from cybersecurity firm CrowdStrike disrupted services across several industries, including Brazilian banks like Bradesco.
Brazil’s central bank on July 2, 2025, confirmed a cyberattack on C&M Software, a key tech provider for financial institutions without direct connectivity infrastructure. The attack led to an immediate suspension of access to C&M’s systems by these institutions. C&M revealed that attackers attempted to misuse client credentials but said its core systems remain operational. It is working with authorities to investigate the breach.
Among the affected entities, BMP reported unauthorized access to central bank reserve accounts used for interbank settlements, but assured no customer data or internal funds were compromised. Around 24 small financial institutions were impacted, though no significant financial losses have been reported, Reuters news report said.
C&M Software, which supports over 350 financial institutions globally, plays a vital role in Brazil’s digital finance ecosystem. It serves fintechs, BaaS platforms, and Open Finance participants, and is involved in Pix integrations and real-time settlement services. The incident highlights rising cybersecurity risks amid Brazil’s rapid digital financial growth.
Brazil’s cybersecurity market
Brazil’s cybersecurity market is experiencing steady growth, with varying estimates depending on the scope of analysis. According to Statista, the market is projected to reach US $3.23 billion in 2025, with a forecast of US $4.47 billion by 2029, reflecting a compound annual growth rate (CAGR) of around 8.5 percent.
Mordor Intelligence offers a slightly higher 2025 estimate of US $3.68 billion, anticipating growth to US $6.01 billion by 2030, representing a CAGR of about 10.3 percent. In contrast, BlueWeave Consulting reports a much broader view of the market, estimating its size at US $12.11 billion in 2023 and projecting growth to US $15.36 billion by 2030, with a CAGR of 4.2 percent.
These developments underscore the urgent need for financial institutions in Brazil to strengthen cyber defenses. Regulators such as the Central Bank of Brazil (BACEN) and the national data protection authority (ANPD) are increasing pressure on firms to improve threat monitoring, vendor risk assessments, and incident response plans.
Rajani Baburajan
