BSP Financial Group has confirmed that it is investigating unauthorised third-party access to one of its back-office testing systems, an incident that temporarily disrupted internet banking and other services across several Pacific markets.
In a statement to the South Pacific Stock Exchange, BSP said it identified unauthorised access to a non-customer-facing test environment used for various internal systems.
“Upon detecting the incident, BSP took immediate containment action as a precautionary measure, disabling externally facing internet services,” the bank said.
The move affected a number of BSP services, with the most significant disruptions occurring to Internet Banking across the Group, excluding Fiji, and Agency Banking services in Papua New Guinea.
However, BSP confirmed that several key customer services remained operational throughout the incident, including mobile banking, ATM withdrawals and deposits, EFTPOS transactions and over-the-counter branch services.
The banking giant said it had engaged leading external cyber security experts to assist with the response and investigation.
“BSP is working with leading external cyber experts to respond to and investigate the incident. The investigation is in the early stages and we have been advised it may take some time to complete in line with security incident response processes.”
According to BSP, testing conducted on customer-facing production systems found no evidence that the incident had spread beyond the testing environment.
“BSP has completed the testing of customer facing services in the production environment and has found no residual threats, with impacts confined to the Test Environment.”
The bank said it has now successfully restored full services to customers across its operations.
“As a result BSP has now been able to successfully restore full services to its customers.”
BSP stressed that it does not currently believe there is any ongoing risk outside the affected testing systems, although investigations remain ongoing.
“BSP does not believe there is any ongoing risk beyond the Test Environment but the investigation remains ongoing at this stage.”
The financial institution said it will continue to work with relevant government agencies and regulators across the Pacific region and keep customers, shareholders and stakeholders informed as further details become available.
The incident comes amid growing concerns globally over cyber security threats targeting financial institutions and critical infrastructure, with organisations increasingly strengthening digital security measures to protect customer information and essential services.
