Financial institutions in The Bahamas are scrambling to solve a major data breach at an international acquiring company that compromised thousands of credit cards.
While details are still trickling in, Guardian Business can confirm that an entity located outside of the country was infiltrated. As a result, sensitive personal information has spilled into the hands of cyber criminals.
Guardian Business understands that both Visa and MasterCard have been impacted by the breach, prompting banks in The Bahamas to re-issue thousands upon thousands of cards.
“All Bahamian banks had their card data compromised. This theft took place elsewhere and we were notified by Visa on Friday,” said Anwer Sunderji, CEO of Fidelity Bank (Bahamas). “We chose to replace all the cards we had issued and this process took place over the weekend.”
It is unknown whether Bahamian consumers lost significant funds during this time.
Paul McWeeney, the managing director at Bank of The Bahamas (BOB), said credit card companies and the Central Bank called all major financial institutions to warn them of the breach.
Most banks responded by lowering the call-back threshold for customers to $500. In other words, if you spent more than that on the weekend, the bank would immediately verify your identity.
However, McWeeney told Guardian Business that BOB has not received any formal notices from Visa regarding any breach. It has also not received any customer complaints when called about transaction activity.
“We got wind of it on Friday, but we’ve had no alerts. We placed calls to Visa and asked them to confirm that none of our clients are impacted,” he added.
The managing director told Guardian Business that security is extremely important to BOB, and to protect the bank, a team flies to The Bahamas periodically to perform “penetration tests”. In essence, a legitimate firm tries to hack into the BOB system.
“This area is constantly evolving,” he explained. “We have to make sure we are updated.” Meanwhile, Sunderji said Fidelity has reissued new credit and debit cards to all of its clients.
Ian Jennings, the president of Commonwealth Bank Limited, said the financial institution is still “reviewing the situation”.
“The real challenge is we don’t know the extent of the information released. Sometimes it can be very little. There is a potential for it being a large amount. So the banks are very cautious in their approach to limiting any exposure.”
Commonwealth Bank will complete its assessment shortly and come up with a strategy to address the breach. Jennings told Guardian Business that banks should know soon the extent of the problem once transactions are processed in the coming days.
“If we decide to do replacement cards, we’ll let our customers know,” he said.
The apparent data breach at the hands of hackers casts doubt on the security of Bahamian financial information located in other jurisdictions. It also generates confusion, as financial institutions appear to be at odds in terms of its impact.
This latest incident comes shortly after The Bahamas was featured on a list of nations being used as a base of operation by hackers.
According to a global research team from Websense Inc., a leader in Internet security, The Bahamas is ranked second among the top five countries in the world which host phishing sites.
Phishing is an act of fraud in which persons fall victim to websites masquerading as trustworthy sites.
The report said that organizations face an average of 1,719 attacks for every 1,000 users. The Bahamas was the only Caribbean nation on the list.
By Jeffrey Todd
Guardian Business Editor