Local banks’ clearing house reveals hack
(CNS): ACH (Cayman) Limited (ACH), which was created by the local high street banks, has been hacked, according to officials from the Cayman Islands Bankers Association, who said malware was detected on the Cayman server. A statement released by CIBA said they were alerted to the appearance of malware in the third party processor on 21 May, more than two weeks ago. This is the server that provides clearing settlement services for domestic electronic fund transfers and cheques among all of the ACH banks. CIBA said there was no evidence yet that any of these banks’ systems have been impacted.
While no details have been revealed about how the malware was detected or if any ransom has been demanded, speaking on behalf of the clearing house, CIBA said the malware had been quarantined and removed from the affected Cayman server. In addition, fraud and security monitoring has been increased across all systems and a specialist forensic IT security consultants have been appointed to investigate. Each bank has notified and will continue to liaise with the relevant Cayman Islands regulators.
ACH is jointly owned by Butterfield Bank (Cayman), Cayman National Bank, CIBC FirstCaribbean International Bank (Cayman), Fidelity Bank (Cayman), RBC Royal Bank (Cayman) and Scotiabank & Trust (Cayman).
“At this stage there is no evidence that any customer data for any ACH bank has been accessed or compromised. Each of the ACH banks is committed to being a responsible custodian of the information provided and the information processed in the course of providing banking services,” an unnamed person from ACH said. “While there is no evidence at this stage that any bank customer data has been compromised, if any client identifies any suspicious activity in connection with any account, please report this to your bank immediately.”
Customers are asked to check their bank websites for more information or contact them directly with any concerns.
- Fascinated
- Happy
- Sad
- Angry
- Bored
- Afraid
Category: Banking & money, Business
Weird that today i got my FIRST EVER hack email from “CBN” 🙂
I just got a bogus email that looked like it came from Butterfield. The email was referencing a domestic transfer and verification code. I called Butterfield and they informed me that they knew about the email as they has received phone calls from several customers.
The message looked legit until you checked the email address and it came from @alert.com .
I don’t know about the others but Butterfield’s online offering is riddled with so many errors I shudder to think how many vulnerabilities they have.
Errors do not mean vunerabilities. I use it and yes there are some issues but not in the security area. Works best in Chrome.
I’m not in IT but when I see a 2005 Honda Accord with a cracked windscreen, peeling paint and knackered shocks I don’t need a mechanic to tell me it doesn’t have a $100,000 race engine in it.
I think the website is what you call a sleeper!
When I see a system driven by Oracle I believe it is quite good.
Not to mention their awful service!
This engages the Data Protection Act and, if government is roped in, then section 9 of the Bill of Rights is engaged as well.
All the banks should have cyber security insurance to cover liability if data is breached. Data Protection Law states that customers and Ombudsman should be notified of breach once it becomes apparent there has been an issue.
When British Airways got hacked they ended up paying out millions in compensation to their customers.
This does not surprise me.
Some of the banks still use Windows 7… which was EOL and has not been supported since 2020.
What does this have to do with the story? The banks did not get hacked.
WTF does that have to do with malware on a server in a non-bank company???
The maiware might be just the tip of the iceberg. Chinese hardware in the server might contain a greater sleeping threat gathering data for a later ransom or full on sytem takedown.
Watch and wait
How could this happen in the private sector.
Paranoid much?
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Sometimes you just have to prove it to the blind sheep. Well done.
Yea people called me paranoid about a virus warfare attack and see how that turned out?
The way the Retail banks treat native Caymanian staff and local customers these days maybe this is Karma.
Here we go again
Karma that those same staff and local customers should have their bank accounts and transactions potentially exposed? I don’t get it. Think before you type?
Always complaining are you? That’s why some natives don’t get ahead.
So will there be a fine?
Did they notify the Ombudsman? Heavy fines should be due if they didn’t.
They wouldn’t have gone public without notifying the appropriate authorities.
mickey mouse wears an ACH wristwatch…
I don’t understand how we weren’t notified immediately? I understand there are risks to online systems, all over the world, but on what planet does it take two weeks to notify patrons of a hack?
The standards have to be rewritten, there should have been a warning posted on my online system or something to alert me to the hack.
Now how do we trust this is a non-issue?
Read the Data Protection Act. It already requires this notification.
Correct.
This has nothing to do with your online banking system.
Yes, folks, time to stock-up on mason jars to bury your savings. It’s safer!
Lol no, just dump it into crypto. I get ~20% APY.
Plus or minus?
That depends how much the wind is blowing today.
Time for the regulator to consider deposit insurance.
time for the depositor to consider……
This has nothing to do with the clearing house, deposit insurance would be the banks responsibility.
Deposit insurance only helps if a Bank goes under.