The Central Bank of The Bahamas (CBOB) was made aware of an unauthorized access to its external facing, public website data on June 28, the bank announced.
In a statement, the bank said it is investigating the incident as it looks to contain the exposure.
“The bank has no indication that any personal information was accessed or viewed by any unauthorized person,” the statement read.
“To be transparent, and out of an abundance of caution, we are however, notifying all stakeholders.”
According to the bank, it has implemented several protective measures since discovering this incident, as it takes data privacy and security “very seriously”, and responds promptly to security incidences.
While this is not the first time criminals target a bank it should be point out that this has become the norm, and as such they should have invested more in web security. This backs have most of their costumer’s private information and some of it cannot be replaced. I wonder what actual changes and additions they’ll do to prevent this from happening again.
Despite the basic truths in your comment, I still believe they are some gaps which need to be highlighted. The available information indicates the breach was to their public facing website, not their internal network. Assuming this is true, and not just PR, then the is a reasonable assumption is that no customer data was accessed or lost. Aside from that, it’s useful to consider the fact that Central Banks aren’t likely to store citizen/individual data in the same way a retail bank would.
The point I’m trying to make is that while cyber-attacks should be expected and anticipated, the effectiveness of investing more in web security will be inefficient and ineffective, and possibly useless, if the risk and threat assessments are off.
If you take a look at some of the original reporting on this, it hints at bad vendor management, which isn’t a problem that will necessarily be solved with more money, but some good basic common sense cyber security may have helped