Local banks’ clearing house reveals hack

| 07/06/2021 | 39 Comments

(CNS): ACH (Cayman) Limited (ACH), which was created by the local high street banks, has been hacked, according to officials from the Cayman Islands Bankers Association, who said malware was detected on the Cayman server. A statement released by CIBA said they were alerted to the appearance of malware in the third party processor on 21 May, more than two weeks ago. This is the server that provides clearing settlement services for domestic electronic fund transfers and cheques among all of the ACH banks. CIBA said there was no evidence yet that any of these banks’ systems have been impacted.

While no details have been revealed about how the malware was detected or if any ransom has been demanded, speaking on behalf of the clearing house, CIBA said the malware had been quarantined and removed from the affected Cayman server. In addition, fraud and security monitoring has been increased across all systems and a specialist forensic IT security consultants have been appointed to investigate. Each bank has notified and will continue to liaise with the relevant Cayman Islands regulators.

ACH is jointly owned by Butterfield Bank (Cayman), Cayman National Bank, CIBC FirstCaribbean International Bank (Cayman), Fidelity Bank (Cayman), RBC Royal Bank (Cayman) and Scotiabank & Trust (Cayman).

“At this stage there is no evidence that any customer data for any ACH bank has been accessed or compromised. Each of the ACH banks is committed to being a responsible custodian of the information provided and the information processed in the course of providing banking services,” an unnamed person from ACH said. “While there is no evidence at this stage that any bank customer data has been compromised, if any client identifies any suspicious activity in connection with any account, please report this to your bank immediately.”

Customers are asked to check their bank websites for more information or contact them directly with any concerns.

Read more about the ACH here.


Share your vote!


How do you feel after reading this?
  • Fascinated
  • Happy
  • Sad
  • Angry
  • Bored
  • Afraid
Print Friendly, PDF & Email

Tags: , ,

Category: Banking & money, Business

Comments (39)

Trackback URL | Comments RSS Feed

  1. Anonymous says:

    Weird that today i got my FIRST EVER hack email from “CBN” 🙂

    • Anonymous says:

      I just got a bogus email that looked like it came from Butterfield. The email was referencing a domestic transfer and verification code. I called Butterfield and they informed me that they knew about the email as they has received phone calls from several customers.

      The message looked legit until you checked the email address and it came from @alert.com .

  2. Anonymous says:

    I don’t know about the others but Butterfield’s online offering is riddled with so many errors I shudder to think how many vulnerabilities they have.

  3. Anonymous says:

    This engages the Data Protection Act and, if government is roped in, then section 9 of the Bill of Rights is engaged as well.

  4. Anonymous says:

    All the banks should have cyber security insurance to cover liability if data is breached. Data Protection Law states that customers and Ombudsman should be notified of breach once it becomes apparent there has been an issue.

    When British Airways got hacked they ended up paying out millions in compensation to their customers.

  5. Anonymous says:

    This does not surprise me.
    Some of the banks still use Windows 7… which was EOL and has not been supported since 2020.

  6. Anonymous says:

    The maiware might be just the tip of the iceberg. Chinese hardware in the server might contain a greater sleeping threat gathering data for a later ransom or full on sytem takedown.

    Watch and wait

  7. Anonymous says:

    The way the Retail banks treat native Caymanian staff and local customers these days maybe this is Karma.

  8. Anonymous says:

    So will there be a fine?

  9. Anonymous says:

    Did they notify the Ombudsman? Heavy fines should be due if they didn’t.

  10. Anonymous says:

    mickey mouse wears an ACH wristwatch…

  11. Anonymous says:

    I don’t understand how we weren’t notified immediately? I understand there are risks to online systems, all over the world, but on what planet does it take two weeks to notify patrons of a hack?
    The standards have to be rewritten, there should have been a warning posted on my online system or something to alert me to the hack.
    Now how do we trust this is a non-issue?

  12. Anonymous says:

    Yes, folks, time to stock-up on mason jars to bury your savings. It’s safer!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.