This month might barely have began any worse for some monetary establishments in Brazil.
On 30 June 2025, C&M Software program, a Brazilian firm that gives a “bridge” serving to the nation’s central financial institution connect with native banks, revealed that it had been hacked.
800 Brazilian reals (roughly US $140 million) was stolen from the reserve accounts of six monetary establishments on account of the safety breach.
Within the wake of the assault, which made large information headlines in Brazil, the nation’s Banco Central suspended entry to C&M Software program’s platform for all native banks and establishments whereas it investigated what had gone improper, and to comprise the harm.
Then, on Friday 4 July, the information desk of São Paulo’s TV Globo reported that the town’s police had arrested an worker of C&M Software program.
48-year-old IT employee João Roque, who labored on backend methods at C&M Software program, is alleged to have assisted hackers by promoting them login credentials for about US $2,700 – granting them unauthorised entry to delicate vital methods.
In response to police, Roque created the mechanism for the hackers to divert funds. In response to TV Globo Roque claims to have solely communicated with the cybercriminals by way of cellphone, and didn’t recognized personally. He’s mentioned to have modified his cell phone each 15 days in an try – clearly futile – to keep away from being tracked.
In a police assertion, Roque reportedly claimed that he had first been approached in March by cybercriminals as he was leaving a São Paulo bar. He claims that later he obtained directions by way of WhatsApp, and obtained funds for his companies by way of a motorbike courier.
The cash finally stolen by the hackers was from reserve accounts, utilized by monetary establishments to alternate funds between themselves, fairly than these belonging to prospects – which means that members of the general public shouldn’t be instantly impacted by the assault.
Additional investigations into the assault are ongoing. Brazilian authorities have since frozen US $50 million linked to the incident, and C&M Software program says that it’s co-operating with the investigation and that it has now introduced its platform again on-line.
Assaults like this strongly underline the significance of not simply contemplating your organisation’s safety, but additionally the safety of your suppliers and the dangers that their workers may pose.
