The Central Bank of Brazil (BC) has announced a significant data leak concerning registration data associated with PIX keys that are managed by Agibank. This incident, which occurred between December 26, 2025, and January 30, has revealed data pertaining to 5,290 PIX keys, including user names, partially obscured CPF numbers, financial institution names, agency numbers, as well as account numbers and types. The breach was attributed to isolated failures within Agibank's systems.

Despite the severity of the leak, the BC confirmed that sensitive information such as passwords, transaction records, and financial balances were not compromised. Additionally, information that falls under banking secrecy has also remained intact. The Central Bank emphasized that the leaked data only includes registration details, which do not enable any financial transactions or unauthorized access to accounts or other confidential financial information.

This incident raises concerns about the security measures implemented by financial institutions, particularly in light of the increasing reliance on digital payments through systems like PIX. While the breach does not expose sensitive financial data, it nevertheless highlights the need for stringent security protocols to protect user information in a rapidly evolving digital financial landscape. Agibank, alongside the BC, will likely face scrutiny regarding their operational security as clients become increasingly aware and concerned about data protection in banking transactions.