Cyber Incident Victim: C&M Software

On July 1, 2025, the Banco Central issued a statement confirming that C&M Software had suffered a cyber attack. The Banco Central described C&M Software as a provider of technology services for institutions that offer transactional accounts without possessing their own connection means. According to the Banco Central’s note, C&M Software had informed the authority of the intrusion but did not disclose any financial values associated with the breach. The central bank’s statement also indicated that the attacker gained access to various accounts, including one belonging to a provider of banking‑as‑a‑service. In reaction to the incident, the Banco Central ordered the immediate disconnection of all institutional access to the infrastructures operated by C&M Software. The disconnection order applied to all entities that relied on C&M Software’s infrastructure for their transactional services.

The Banco Central’s notice did not reveal the exact monetary loss resulting from the attack. However, the Brazil Journal was cited in the article as estimating that the potential damage could reach as high as R$1 billion. The article’s timestamp indicates that the report was published on July 1, 2025, the same day the Banco Central made its confirmation. Journalists attempted to contact C&M Software for a comment but received no response before the article went to press. The publication noted that the space for the company’s manifesto remained open for any future statements. No further technical details about the attack vector, malware used, or duration of the intrusion were provided in the source material.