Business
Security breach at CIBC FirstCaribbean International Bank as client records accessed by outsiders
(Jamaica Gleaner) Client records of CIBC FirstCaribbean International Bank have been accessed by outsiders, but the bank says the breach should not be described as a hack.
The security breach occurred at the facility of a third-party service provider, said the regional bank in a circular to accountholders advising that the personal information of local and regional cardholders had been exposed. The bank has placed high-risk cardholders on alert to the possibility of fraud.
“This incident may potentially affect some of your personal information. The information may have included your name address, telephone number, identification information, card number and expiry date,” said the circular to the bank’s Jamaican clientele dated February 13 and issued via postal mail.
Managing Director of CIBC FirstCaribbean Jamaica, Nigel Holness said Tuesday that the perpetrators potentially copied cardholder’s personal information. He said the origin of the breach was unknown, but said that it affects “cardholders beyond Jamaica”. He did not disclose the name of the facility that had been breached. Holness declined to classify the breach as a hack.
“I would not say it was a hack because that is a technical term and I am not of that technical expertise,” he told reporters. “What I can say is that in all our internal briefing, the term hack was not used.”
But technology expert Andrew Gordon says the bank is engaged in semantics. “Hacking is the method used to breach security,” said Gordon, a technology lecturer at the University of Technology, who explained that companies avoid using the word hack to soften the impact. “From a public-relations perspective, you have to make it not look so bad.”
The CIBC FirstCaribbean International Bank operates 13 branches locally, but is part of the largest regionally-listed financial services institution, located in 17 countries around the Caribbean with more than US$11.5 billion in assets and a market capitalization of US$2.1 billion in 2012.
The third-party vendor was not terminated. It has re-enforced its defences, according to Holness, who was unable to explain the new measures. In its letter to cardholders, CIBC FirstCaribbean stressed that none of its accounts were compromised, but said that the bank would compensate any affected clients for losses arising from the unauthorized access.
“We have not detected any instances of our client accounts being compromised. However, we continue to monitor for any suspicious activity and ask our clients to do the same, online where possible,” said the bank’s letter signed by manager of Customer Care and Sales Center in Jamaica, Stacy Davis Thompson.
The circular provided contact numbers for customer-care centres in six CIBC FirstCaribbean markets, including Jamaica, as well as two toll-free numbers for other countries.
CIBC FirstCaribbean is the second high-profile corporation to be targeted by hackers this year. In January, telecoms firm, Digicel, experienced a security breach in which customers’ personal information was allegedly accessed. According to reports, the hacker was able to access personal information, including text messages and voicemail, of thousands of Digicel customers. It is alleged that the hacker also made attempts to blackmail the company with the stolen information. Police have since arrested one man related to that case.