São Paulo court orders preventive detention of person involved in hacker attack on C&M

Summary: The São Paulo court orders the preventive arrest of João Nazareno Roque, investigated for the largest hacker attack on the Brazilian financial system, which caused losses of R$800 million to the company C&M and financial institutions.

The São Paulo court ordered the preventive arrest of João Nazareno Roque, 48, on Friday, July 11, who is being investigated for the hacking attack on the company C&M. He had been in temporary custody since July 3, according to the newspaper O Globo .

The cyberattack on the software company caused losses of approximately R$800 million to C&M's financial institutions. The IT technician offered his credentials and access to the financial system so the scam could be carried out. The case was considered the largest hacker attack ever recorded on the Brazilian financial system.

Roque had worked at C&M since 2022 , where he worked mostly as an electrician. The company is responsible for connecting smaller banks and fintechs to the Central Bank's (BC) Pix systems.

The money withdrawn from the software company was transferred to three financial institutions (Transfeera, Nuoro Pay, and Soffy), which were suspended by the Central Bank as a precautionary measure, and to more than 20 Pix accounts belonging to direct or indirect participants in the scam.

In a statement to the police, Roque stated that he was approached on the street by a man who knew where he worked and asked details about his job.

Initially, he was offered a R$5,000 payment to use his credentials to access the company's transfer system. The man also said the IT technician would be rewarded with an additional R$10,000 once the scam was executed.

The group accessed C&M's system in the early hours of June 30th and began making several transfers. In a press release, the company stated that the evidence available so far indicates that the security incident resulted in the embezzlement of at least R$800 million.