This month might barely have began any worse for some monetary establishments in Brazil.
On 30 June 2025, C&M Software program, a Brazilian firm that gives a “bridge” serving to the nation’s central financial institution connect with native banks, revealed that it had been hacked.
800 Brazilian reals (roughly US $140 million) was stolen from the reserve accounts of six monetary establishments on account of the safety breach.
Within the wake of the assault, which made large information headlines in Brazil, the nation’s Banco Central suspended entry to C&M Software program’s platform for all native banks and establishments whereas it investigated what had gone flawed, and to comprise the injury.
Then, on Friday 4 July, the information desk of São Paulo’s TV Globo reported that town’s police had arrested an worker of C&M Software program.
48-year-old IT employee Jọo Roque, who labored on backend techniques at C&M Software program, is alleged to have assisted hackers by promoting them login credentials for roughly US $2,700 Рgranting them unauthorised entry to delicate crucial techniques.
In keeping with police, Roque created the mechanism for the hackers to divert funds. In keeping with TV Globo Roque claims to have solely communicated with the cybercriminals by way of cellphone, and didn’t identified personally. He’s mentioned to have modified his cell phone each 15 days in an try – clearly futile – to keep away from being tracked.
In a police assertion, Roque reportedly claimed that he had first been approached in March by cybercriminals as he was leaving a São Paulo bar. He claims that later he acquired directions by way of WhatsApp, and acquired funds for his companies by way of a bike courier.
The cash finally stolen by the hackers was from reserve accounts, utilized by monetary establishments to trade funds between themselves, moderately than these belonging to clients – which means that members of the general public shouldn’t be instantly impacted by the assault.
Additional investigations into the assault are ongoing. Brazilian authorities have since frozen US $50 million linked to the incident, and C&M Software program says that it’s co-operating with the investigation and that it has now introduced its platform again on-line.
Assaults like this strongly underline the significance of not simply contemplating your organisation’s safety, but additionally the safety of your suppliers and the dangers that their workers would possibly pose.
