Banese | Notice to the Market



Banco do Estado de Sergipe S.A. (“BANESE or Company”), a multiple bank created as a state-owned corporation, hereby informs its shareholders and the market in general that its technical area has detected undue consultation to data related to 395,009 PIX keys, exclusive via telephone, of non-clients of the Company, through the access of two (2) bank accounts of BANESE clients, probably obtained through social engineering (phishing or similar methods). The Company informs that such action did not affect the confidentiality of passwords, transaction history, or any other financial information of its clients.

Such consultations were made on the Transactional Accounts Identifier Directory (DICT), which is managed by the Central Bank of Brazil (“BACEN”) and provides restricted access to Institutions that start the procedure to carry out a PIX transaction. Such Directory stores registration information, such as name, individual taxpayer’s number (CPF), bank in which the key is registered, branch, account number, and other technical data used for anti-fraud purposes, such as account opening date and key registration information.

Under applicable legislation, according to BANESE’s Information Security and Cybersecurity Policy, and CMN Resolution 4,893/2021, BANESE informed the incident to the National Data Protection Authority (ANPD) and, together with BACEN, has been investigating and informing the facts. Containment actions and technical measures, such as the revocation of access to the two accounts used and the implementation of security mechanisms to prevent similar cases from occurring again, have been promptly taken.

Because of the incident detected and as a form of prevention, the Company reinforces the need to adopt basic precautions that should be followed by users of the Financial System, such as i) be always suspicions of SMS messages or messages sent to applications by unknown numbers and never click on links sent by such numbers; ii) be very careful when receiving phone calls from people pretending to be from Banks and never give personal information, codes received via SMS, or bank passwords; iii) be careful with e-mails and fake websites that pretend to be any financial institution; iv) never use easy passwords that are easy to be cracked.

Finally, BANESE’s management reinforces its commitment to keep the market informed, as well as to the transparency and security of the information held by the Company.


Aracaju (SE), September 30, 2021.

Alessio de Oliveira Rezende

Chief Financial, Control and Investor Relations Officer