Regional banking giant BSP Financial Group Limited has launched a sweeping forensic investigation alongside international cybersecurity experts following the discovery of an unauthorised breach within its digital infrastructure.
The security compromise, which was detected in a back-office testing environment, triggered an immediate, aggressive containment strategy by the bank.
“Upon detecting the incident, BSP took immediate containment action as a precautionary measure, disabling externally facing internet services,” the banking group said in its market announcement issued by the South Pacific Stock Exchange (SPX).
“This affected a number of BSP’s services with the most significant disruption to internet banking across the group, excluding Fiji, and agency banking in Papua New Guinea (PNG).”
The bank said that breach did not disrupt mobile banking, ATM withdrawals and deposits, all EFTPOS transactions, and over the country branch services.
“BSP is working with leading cyber experts to respond to and investigate the incident.
“The investigation is in the early stages and we have been advised it may take some time to complete in line with security incident response processes.”
While the investigation continues, the banking group will coordinate with relevant government agencies and regulators across the region as necessary and will continue to keep customers, shareholders and key stakeholders updated.
Meanwhile, the bank said it had completed the testing of customer facing services in the production environment and had found no residual threats, with impacts confined to the test environment.
It said it had now been able to successfully restore full services to its customers.
“BSP does not believe there is any ongoing risk beyond the test environment but the investigation remains ongoing at this stage.”
