ACH Cayman Limited, the company that manages electronic bank transfers between seven local banks, has announced the discovery of malware on the Cayman server of a third-party services provider.
This third-party processor provides clearing settlement services for domestic electronic funds transfers and cheques between the participating banks.
The company said the malware attack was limited to the service provider’s server and no customer data had been affected.
“At this stage there is no evidence that any ACH bank system has been impacted,” the company said in a statement.
ACH was set up by Cayman National, RBC Royal Bank, Butterfield, Fidelity, FirstCaribbean and Scotiabank.
Malware is a generic term for malicious software that harmfully probes computer systems by attempting to steal, encrypt or hijack computer functions.
The company said the malware had been quarantined and removed from the affected Cayman server.
ACH has appointed specialist forensic IT security consultants to investigate, and participating banks have notified the regulators.
The clearing house said: “This statement is being issued to all ACH bank customers out of an abundance of caution only. At this stage there is no evidence that any customer data for any ACH bank has been accessed or compromised.
“Each of the ACH banks is committed to being a responsible custodian of the information provided and the information processed in the course of providing banking services,” the statement added.
The company said it had increased fraud and security monitoring across all systems, in response to the incident.
Hacking attacks and data breaches are on the rise globally. Last year there were almost 4,000 reported major data breaches in the US, up from 622 in 2010.
According to a data security report by IBM, it takes on average more than 300 days to detect and contain a breach.
Banks among the main targets
In a separate statement, Scotiabank warned its customers last week to be vigilant as fake apps, fake website and email scams are all on the rise.
“Across the region there have been multiple attempts by fraudsters who will try to steal funds or obtain customers personal information using these online channels,” said Chervain Stuart, senior manager, retail banking, in a press release.
“In Cayman, we are equally at risk and so customers are also asked to take steps to verify the legitimacy of any email, websites and apps – particularly sites used to conduct purchases and other financial transactions or those requesting personal information.”
She said online criminals have become more skilled at creating fake websites and mobile applications that appear identical to legitimate ones. Some may even go as far as selling, or attempting to sell, knock-off versions of the site’s products.
Broken links and sites that appear to be poorly designed are an immediate tell-tale sign that a website may be fraudulent, the bank noted, but customers should also double-check the legitimacy of email addresses.
Email or phishing scams make use of the same techniques to deceive banking clients to disclose personal data and information.
Banks will generally not request personal information or initiate payments and account changes via email or by asking customers to click a link.
“It is difficult to provide a full list of methods that are used to scam customers and therefore, we urge vigilance all around,” Stuart said.
If there are one or more errors in the email correspondence or any other suspicious content that appears while browsing, users should immediately exit the email, site or app, Scotiabank said.
Customers who have accidentally clicked a link or provided personal information should contact their bank immediately.