Offshore bank says hacktivists pwned its systems

Cayman National Bank has confirmed a data breach impacted two Isle of Man subsidiaries

Cayman National Bank has officially confirmed that it suffered a “data hack”, without specifying the scope of the breach.

The offshore bank’s admission of a problem follows weekend claims by black hat hackers Phineas Fisher that they had hit the bank alongside publication of 2TB of exfiltrated data.

Cayman National Corporation said that the theft is contained within the Cayman National Bank (Isle of Man) Limited and Cayman National Trust Company (Isle of Man) Limited subsidiaries and does not affect Cayman National Bank (CNB) or any other operation in the Cayman Islands.

“All of Cayman National’s operations within the Cayman Islands, including CNB, are separate and distinct operations from the bank in Isle of Man,” it explained in a statement about the breach.

“The two banks do not share common systems, databases, client information, or email platforms.”

The Isle of Man Financial Services Authority and Information Commissioner’s Office (ICO), along with the Cayman Islands Monetary Authority, have all been informed about the breach.

Cayman National Bank (Isle of Man) was amongst a number of banks targeted and subject to the same hacking activity, according to the bank.

Read more of the latest cybercrime news from The Daily Swig

“A criminal investigation is ongoing and Cayman National is co-operating with the relevant law enforcement authorities to identify the perpetrators of the data theft,” the offshore bank stated, adding the customary remarks whenever a data breach occurs that it “takes any breach of data security very seriously”.

“A specialist IT forensic investigation is underway, with appropriate actions being taken to ensure that the clients of Cayman National’s Isle of Man bank and trust companies are protected,” the bank concluded, adding that it was in process of notifying affected customers.

The Daily Swig asked the bank what types of data might have been compromised, as well as how many customers were affected.

No response as yet but we’ll update this story as and when more information comes to hand.

Phineas Fisher claimed that it had stolen money and documents from the bank, adding that it carried out the attack in 2016, after which it gave the money away.

The group offered to pay other hackers $100,000 in cryptocurrency in return for carrying out similar politically-motivated hacks, Motherboard reports.

Phineas Fisher is notorious for hacking into the systems of Gamma Group and Hacking Team, both of which market controversial surveillance software.

Twitter account Distributed Denial of Secrets (@DDoSecrets), a self-styled transparency collective, posted a link to a Torrent of leaked data from Cayman National Bank.

It promised to release a more easily searchable archive of 600,000 emails later this week.

YOU MIGHT ALSO LIKE Sberbank of Russia completes investigation into dark web data leak

Source: portswigger.net