Integrity of Payments System not Compromised

Central Bank of Curacao and Sint Maarten. Photo


WILLEMSTAD/PHILIPSBURG – The Centrale Bank van Curaçao and Sint Maarten (CBCS) recently received the final report on the forensic investigation conducted in response to the cyberattack on its IT-environment, finding that the integrity of the payments system was not compromised.

Furthermore, no information systems of any of the supervised institutions were affected by the attack, nor did the CBCS incur any data loss.

On Thursday, September 2, 2021, the CBCS was alerted by Interpol of a possible cyberattack on its IT environment. In response, an incidence response team was immediately established and a forensic investigation was launched, focusing primarily on safeguarding the integrity of the CBCS’s payments system. A preliminary analysis had already found that the payments system had not been compromised, which has now been confirmed.

Following the Interpol alert, the expert team, consisting of the CBCS’s ICT team and local and international experts, took immediate measures to restore data and network security on the Bank’s systems. During the investigation, evidence of the breach was found on the CBCS’s corporate network.

The corporate network was cleaned up and the attack was foiled thanks to the effective
intervention of the expert team. For security reasons, the CBCS does not make any substantive announcements about the (cyber)security and mitigation measures taken.
Hackers succeeded in gaining access to the CBCS’s network in spite of the fact that the Bank’s cyber security is set up along the lines of best international practices and that continuous investments are being made in that area.

“This has been an eye-opening incident from which lessons must be drawn—
for ourselves, in the first place. But it should also serve as a wake-up call for others. Multiple exchanges have therefore been held with the Information Risk departments of local financial institutions to share our experiences,” said CBCS President Richard Doornbosch.

The CBCS has been in touch with financial institutions and other stakeholders at various times and is keeping them directly informed of any relevant developments. The Ministers of Finance of both countries were also briefed, in strict confidentiality, on the incident as it was developing, as well as on the results of the forensic investigation.

The CBCS considers its cyber security an internal matter and will not be communicating further on the subject in the media.