Cyber Incident Victim: XP Investimentos SA
Date:
Jan 2013
Location:
Brazil
Summary
Hackers stole data from 29,000 clients of XP Investimentos SA and attempted to extort 22.5 million reais ($7.1 million) from the Brazilian securities firm's controlling shareholder to prevent disclosure of the breach, which occurred in a prior period. The company confirmed the security incident and stated client investments remained secure, while Brazilian authorities continued investigating the matter, highlighting broader cybersecurity risks faced by financial institutions in the country.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In January 2017, Brazilian newspaper Valor Econômico reported that hackers had stolen data from approximately 29,000 clients of XP Investimentos SA, an independent securities brokerage firm. The breach occurred between 2013 and 2014, though details about the specific methods of intrusion or data exfiltration were not disclosed. According to documents reviewed by Valor, the attackers subsequently attempted to extort 22.5 million reais ($7.1 million) from Guilherme Benchimol, XP's controlling shareholder and CEO, in exchange for keeping the security incident confidential. XP acknowledged the breach in a statement to Valor but did not confirm whether any ransom was paid. The company asserted that client investments remained secure, though it provided no technical or operational details to substantiate this claim. Brazilian authorities initiated an investigation into the incident, though the status of these inquiries was not specified in the report. XP's media office in São Paulo could not be reached for additional comment outside business hours, limiting public information about the breach's scope beyond the confirmed number of affected clients.
The incident highlighted systemic cybersecurity challenges within Brazil's financial sector, which had experienced a surge in cyberattacks two to three years prior to the 2017 report. Industry data indicated Brazilian banks collectively invested over 10 billion reais annually in security measures spanning physical branches and digital platforms like mobile apps. XP's breach demonstrated that non-bank financial entities faced comparable risks despite such sector-wide investments. No customer financial losses or unauthorized transactions were publicly linked to the data theft at the time of reporting. The extortion attempt against Benchimol marked a targeted approach by threat actors seeking to exploit corporate reputational concerns. Valor's disclosure represented the first public account of the years-old breach, suggesting potential delays in external notification or detection. Investigations by Brazilian authorities remained ongoing, with no resolution or attribution disclosed in the available report.