Incident Analysis
Financial technology giant Evertec has disclosed in a filing with the U.S. Securities and Exchange Commission (SEC) that hackers breached its Brazilian subsidiary, Sinqia S.A., on August 29, 2025. The attackers gained unauthorized access to Sinqia’s environment on Pix, Brazil’s real-time payment system, and attempted to conduct fraudulent business-to-business transactions totaling $130 million.
According to Evertec, the incident was detected quickly, and Sinqia immediately halted transaction processing in its Pix environment. The investigation revealed that the attackers gained access by using stolen credentials belonging to an IT vendor’s account, making this a critical supply chain attack. While a portion of the fraudulent transfers has been recovered, the Central Bank of Brazil has revoked Sinqia’s access to the Pix system pending the investigation. The company noted in its filing that the ultimate financial and reputational impact “could be material.”
Key Cybersecurity Insights
This attempted digital heist provides several critical insights into the modern financial threat landscape:
- A Critical Supply Chain Breach: The root cause of this incident was not a direct attack on the primary victim, Sinqia, but a compromise of one of its third-party IT vendors. This is a classic and highly effective supply chain attack, where attackers bypass a strong perimeter by targeting a weaker link in the chain of trust.
- Exploitation of a National Real-Time Payment System: The attack specifically targeted Brazil’s Pix system, a critical piece of the country’s financial infrastructure. By compromising a trusted software provider like Sinqia, the attackers were able to inject fraudulent transactions into a system where transfers are instant and often irreversible.
- Severe Financial and Reputational Risk: The attempted theft of $130 million is a catastrophic risk for any fintech firm. The incident has resulted in Sinqia’s access to the Pix system being revoked by the Central Bank of Brazil, causing significant operational and reputational damage, regardless of the final amount recovered.
Recommendations for Financial Institutions
This incident serves as a critical reminder for all financial and fintech companies to prioritize the following security measures:
- Implement and Enforce a Robust Third-Party Risk Management Program: The initial point of failure was a compromised vendor. All financial institutions must have a rigorous program to vet the security of their third-party partners. This includes enforcing strict security requirements, regularly auditing vendor access, and ensuring they adhere to the same high standards as internal teams.
- Secure All Privileged and Vendor Accounts with MFA: The attack was initiated via stolen credentials. All access to critical financial systems, especially for third-party vendors and internal privileged accounts, must be protected with mandatory Multi-Factor Authentication (MFA). A password alone should never be enough to access a payment system.
- Develop a Rapid Response Plan for Real-Time Payment Fraud: In an instant payment system like Pix, fraud occurs in seconds. Financial institutions need a well-rehearsed incident response plan specifically for this scenario, with the ability to immediately halt transaction processing, isolate systems, and engage with central bank authorities and law enforcement.
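The last two recommendations can be combined in a pre-release gate in front of the payment rail. The sketch below is an added example, not code from Evertec, Sinqia or Pix: it rejects vendor-originated transactions from sessions without MFA and trips a kill switch that halts all processing when one vendor account's attempted value in a short window exceeds a limit. The field names, the `PaymentGate` class, the thresholds and the sample transactions are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical policy values, not taken from the incident or from Pix rules.
WINDOW = timedelta(minutes=5)
VENDOR_WINDOW_LIMIT = 1_000_000  # max value one vendor account may originate per window

@dataclass
class PaymentGate:
    halted: bool = False                        # kill switch: True stops all releases
    alerts: list = field(default_factory=list)  # (reason, transaction id)
    recent: dict = field(default_factory=dict)  # account -> [(timestamp, amount)]

    def submit(self, tx):
        """Return True if tx may be released to the payment rail."""
        if self.halted:
            return False
        if tx["account_type"] != "vendor":
            return True
        if not tx["mfa"]:  # a password-only vendor session never reaches the rail
            self.alerts.append(("vendor_no_mfa", tx["id"]))
            return False
        ts = datetime.fromisoformat(tx["ts"])
        hist = [(t, a) for t, a in self.recent.get(tx["account"], []) if ts - t <= WINDOW]
        hist.append((ts, tx["amount"]))         # attempted value counts toward the limit
        self.recent[tx["account"]] = hist
        if sum(a for _, a in hist) > VENDOR_WINDOW_LIMIT:
            self.halted = True                  # halt processing, then escalate
            self.alerts.append(("halt_velocity", tx["id"]))
            return False
        return True

# Constructed sample transactions (not real data).
SAMPLE = [
    {"id": "t1", "ts": "2025-01-01T12:00:00", "account": "ops-1", "account_type": "employee", "mfa": True, "amount": 5_000},
    {"id": "t2", "ts": "2025-01-01T12:00:05", "account": "vend-7", "account_type": "vendor", "mfa": False, "amount": 900_000},
    {"id": "t3", "ts": "2025-01-01T12:00:10", "account": "vend-7", "account_type": "vendor", "mfa": True, "amount": 600_000},
    {"id": "t4", "ts": "2025-01-01T12:00:20", "account": "vend-7", "account_type": "vendor", "mfa": True, "amount": 600_000},
    {"id": "t5", "ts": "2025-01-01T12:00:30", "account": "ops-1", "account_type": "employee", "mfa": True, "amount": 100},
]

def run(transactions):
    """Feed transactions through a fresh gate; return released ids and the gate."""
    gate = PaymentGate()
    released = [tx["id"] for tx in transactions if gate.submit(tx)]
    return released, gate

if __name__ == "__main__":
    released, gate = run(SAMPLE)
    print(released, gate.halted, gate.alerts)
```

Once the gate is halted, every later transaction is held regardless of account type, which mirrors the "halt transaction processing" step of the response plan; re-enabling it would be a manual decision after investigation.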