Hackers attempted to steal $130 million from Sinqia S.A., the Brazilian subsidiary of financial technology giant Evertec, after infiltrating its environment on Brazil’s real-time payment system, Pix. The incident, disclosed in a U.S. Securities and Exchange Commission (SEC) filing, underscores the growing security risks facing Latin America’s financial sector.
According to Evertec, the breach was detected on August 29, 2025, when Sinqia identified unauthorized activity within its Pix payment environment. The company immediately halted transaction processing and engaged external cybersecurity forensics teams to contain the threat.
Background on Evertec and Sinqia’s Role in Brazil’s Financial Ecosystem
Evertec is a leading financial technology provider and full-service transaction processor across Latin America, Puerto Rico, and the Caribbean. In 2023, the company acquired São Paulo-based Sinqia, a publicly traded firm specializing in financial software and IT services for banks and financial institutions.
Sinqia plays a critical role in Brazil’s banking infrastructure, supporting the operations of 24 financial institutions through its access to Pix. The system, introduced by the Central Bank of Brazil in November 2020, enables 24/7 instant transfers and has rapidly become the most widely used payment method in the country. Its popularity has also made it a frequent target of cybercriminals, particularly those deploying Android banking malware.
SEC Filing Confirms Attack on Sinqia’s Pix Environment
In its SEC disclosure, Evertec detailed the sequence of events:
“On August 29, 2025, Sinqia S.A., a Brazilian subsidiary of EVERTEC, Inc., identified unauthorized activity in its environment of the Brazilian Central Bank real-time payment system known as Pix. Upon detecting the incident, and in accordance with its incident response protocol, Sinqia halted transaction processing in its Pix environment and began working with outside cybersecurity forensics experts.”
The company confirmed that attackers attempted unauthorized business-to-business transfers involving two financial institutions. While local media outlets linked HSBC to the incident, the bank stated that no customer funds or data had been compromised.
Hackers Used Stolen Vendor Credentials to Breach Pix Environment
Investigators determined that the attackers gained access through stolen credentials belonging to an IT vendor’s account. Using this foothold, they infiltrated Sinqia’s Pix environment and attempted to move funds.
Although the hackers initially succeeded in initiating unauthorized transfers, Evertec reports that a portion of the stolen funds has already been recovered. The exact amount remains undisclosed, and recovery operations are still underway.
Immediate Regulatory and Operational Consequences
Following the breach, the Central Bank of Brazil revoked Sinqia’s access to Pix as a precautionary measure. Evertec confirmed that no evidence suggests the attack spread beyond Sinqia’s Pix environment or involved the exposure of personal data.
The company is now working to restore access by providing the central bank with the required assurances and technical documentation. Until then, services for the 24 financial institutions relying on Sinqia’s Pix connectivity remain disrupted.
Potential Financial and Reputational Impact Under Evaluation
Evertec warned in its filing that the long-term impact of the attack could be significant:
“The financial and reputational impact of the incident, including any impact on the Company’s internal controls, are not yet known and could be material.”
With Pix serving as a critical infrastructure for Brazil’s banking sector, the breach raises broader concerns about the security of instant payment systems and their reliance on third-party vendors.
Growing Risks Around Pix and Instant Payment Systems
Brazil’s Pix system processes billions of transactions monthly, making it a prime target for cybercriminals. Security researchers have repeatedly warned that payment processors, banking software vendors, and third-party IT providers remain attractive entry points for attackers.
This latest incident involving Evertec’s Sinqia subsidiary highlights how credential theft and supplier compromise remain persistent threats. As financial services continue to digitize, such risks are expected to intensify.
