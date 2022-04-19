Banco Pan (BPAN4) confirmed the leak of customer data, such as registration data, available credit card limit and invoice balance, but did not say how many customers were affected.

The former Panamericano bank, which is now controlled by BTG Pactual (BPAC11) and is publicly traded on the Brazilian stock exchange, has 17 million customers and 13 million credit card customers, according to data from the last quarter.

Questioned by InfoMoney, the company also did not inform because it did not make any official statement to its shareholders. Despite confirming the leak of customer data to the press, there is no mention of the incident on the Investor Relations website or on the CVM (Commission of Real Estate).

The company says that the leak occurred due to “a fragility in the platform of a technology provider, used in the Customer Service Center of the card segment” and that the vulnerability “allowed the unauthorized copying of registration data, with an available limit of debit balance card”.

Read too:

Banco Pan says, however, that “complete card numbers, passwords or any data that incurs a direct financial risk for the customer and the bank” were not exposed and said it had hired an independent consultancy to analyze the leak.

“We activate our security protocols, notify the software company for immediate correction of the vulnerability and hire independent expert consulting for a complete analysis”, says the company. “We reinforce that information security is our priority and that all competent authorities have been notified.”

See below the official statement from Banco Pan (BPAN4) about the leak of customer data:

We recently detected a weakness in the platform of a technology provider, used in the Customer Service Center for the card segment. We activate our security protocols, notify the software company for immediate correction of the vulnerability and hire independent expert consulting for a complete analysis.

According to the investigation in progress, it was already possible to verify that there was no current account compromise, system unavailability, or invasion of the Bank’s infrastructure, having been confirmed, however, that the exploitation of the vulnerability allowed the unauthorized copying of data records, of the available limit of the card, the debit balance of the invoice, without having exposed complete card numbers, passwords or any data that incurs a direct financial risk for the customer and for the Bank.

We reinforce that information security is our priority and that all competent authorities have been notified.

9 ways to turn your Income Tax into cash: a free eBook shows you how – go here!

Related