NBU's online store targeted by cyberattack, hackers may have accessed personal data

Attackers may have gained access to customers' personal data. However, no financial information was compromised.

According to Ukrinform, the National Bank of Ukraine reported this on Facebook.

"The online store for numismatic products is temporarily unavailable due to a cyberattack on a contractor company. Potentially, the attackers may have accessed users' personal information, namely: first and last name, phone number, email address, and delivery address for numismatic products," the statement reads.

At the same time, no customers' financial data – such as payment card details or other confidential information related to banking transactions – has been compromised.

"The data protection systems and information systems of the National Bank of Ukraine are operating normally. Necessary measures are currently being taken to clarify the circumstances of the incident and assess its possible consequences. The National Bank of Ukraine, together with the service provider, is working to eliminate the consequences of the incident," the NBU said.

Read also: SBU has developments to counter Russian hackers – Zelensky

In such attacks worldwide, malicious actors seek to identify the weakest link in the supply chain. That is why the NBU designed its architecture from the outset to ensure the isolation of contractors from critical systems.

"No organization in the world can guarantee 100% protection against attacks – this is the reality of modern cybersecurity. However, mature cybersecurity means that an attack does not reach critical systems. And that is exactly what happened: thanks to the proper architecture, the incident that occurred at the contractor did not affect the NBU," the central bank said.

However, attackers may use the data entered during registration in the online store for phishing purposes. Therefore, the NBU stresses that its specialists do not send emails requesting confirmation of data, do not call to clarify payment card details, do not ask customers to pay for orders through alternative methods, and do not send links for "urgent verification."

Photo: Pixabay