KAY-MARIE FLETCH­ER

Se­nior Re­porter

kay-marie.fletch­er@guardian.co.tt

Ven­ture Cred­it Union Co-Op­er­a­tive So­ci­ety Lim­it­ed has been the tar­get of a cy­ber­at­tack, po­ten­tial­ly lead­ing to thou­sands of its cus­tomers’ per­son­al da­ta be­ing leaked to the dark web.

A Russ­ian-ori­ent­ed cy­ber­crime or­gan­i­sa­tion known as Qilin is re­port­ed to be be­hind the at­tack.

Ac­cord­ing to Ven­ture Cred­it Union, the ran­somware at­tack took place on Ju­ly 18.

But one Ven­ture ex­ec­u­tive is urg­ing cus­tomers not to wor­ry, as he as­sured yes­ter­day that their core bank­ing in­for­ma­tion was not breached.

How­ev­er, one cy­ber­se­cu­ri­ty ex­pert says that’s not true.

Daren Dho­ray told Guardian Me­dia that cus­tomers’ na­tion­al iden­ti­fi­ca­tion cards, util­i­ty bills and oth­er per­son­al in­for­ma­tion are still on the dark web.

He said even more trou­bling was the fact that cus­tomers were on­ly in­formed of the breach yes­ter­day, af­ter re­ports of the at­tack be­gan cir­cu­lat­ing on so­cial me­dia ear­li­er in the day.

Dho­ray said, “If it was suc­cess­ful­ly re­cov­ered, then mem­ber da­ta would not be on the dark web. So to me, that’s a con­cern. It was not is­sued be­fore when they claimed that the breach was, which was Ju­ly 18, and one may in­fer that on­ly be­cause we made it pub­lic on so­cial me­dia to­day (Wednes­day) that the in­for­ma­tion was shared to their mem­bers,” he said.

“So, the con­cern­ing is­sue here is, one, for their mem­bers to at least be a bit more cog­nisant of po­ten­tial iden­ti­ty theft or phish­ing ac­tiv­i­ties that might hap­pen, be­cause con­sid­er this, your na­tion­al ID util­i­ty bill, which will have your ad­dress, is now avail­able to any ne­far­i­ous in­di­vid­ual to use at their de­sire.”

Ven­ture Cred­it Union now joins oth­er or­gan­i­sa­tions, such as TSTT, the Na­tion­al In­sur­ance Board (NIB), Massy Group and ANSA McAL, which have been at­tacked by hack­ers with­in the last five years.

Dho­ray is now en­cour­ag­ing cus­tomers to be on the alert, while telling or­gan­i­sa­tions they should al­so be more trans­par­ent with their mem­ber­ship when these at­tacks oc­cur.

Dho­ray said, “They (cus­tomers) would have prob­a­bly no­ticed any fi­nan­cial is­sues on their ac­count by now, even though the cred­it union has claimed that that is not the case and we can on­ly go with what they say. But, I would still rec­om­mend that the mem­ber­ship be very aware, mon­i­tor their ac­count a lit­tle bit more, be a lit­tle bit more dili­gent than usu­al, and at least some re­as­sur­ance that this is no in­dict­ment on the cred­it union.”

He added, “Even the largest firms be­come prey to cy­ber­crim­i­nals. It will hap­pen al­most to any in­sti­tu­tion, so trans­paren­cy and ex­pe­di­en­cy with re­spect to re­port­ing it from the bod­ies like the cred­it unions to the mem­ber­ship, is what we would like to see hap­pen and hope­ful­ly, none of their mem­bers would ac­tu­al­ly do any sort of harm.”