EVERTEC, Inc. · EVTC

Breach taxonomy

Summary

On August 29, 2025, Sinqia S.A., a Brazilian subsidiary of EVERTEC, Inc., identified unauthorized activity in its Pix real-time payment environment. Approximately R$710 million (~$142M USD) in unauthorized B2B transactions affecting two financial institution customers were processed through Sinqia's Pix environment via exploited legitimate IT vendor credentials. The BCB prohibited Sinqia from resuming processing in the Brazilian Payments System (SPB) pending review and approval. Forensic analysis confirmed the breach was limited to Sinqia's Pix environment through third-party IT vendor credential exploitation. Filed under Item 8.01; materiality not yet determined as of filing date.

Tagging rationale