The Board of Directors of Access Financial Services Limited (AFS) says personal data extracted presumably from the company’s system by cyber criminals last month was released on the dark web last Friday, March 21.
The company made the revelation in a statement yesterday.
AFS said it first became aware of the cyber-security incident on February 26 and immediately took steps to contain it.
With the support of international cyber-security consultants, the company said it disrupted the unauthorized access and secured its network.
It said there has been no other security incident since.
According to the company, investigations subsequently confirmed that unauthorized access to sensitive areas had resulted in a data breach from the incident.
In keeping with the regulations under the Jamaica Data Protection Act, AFS management formally notified the Office of the Information Commission (OIC) within the prescribed time-frame.
A formal report was also made to the police.
AFS said ongoing cyber surveillance since then has revealed that personal data extracted, presumably from its network, was released on the dark web last Friday along with a posted ransom.
No direct contact has been made with the company.
AFS said affected data subjects include clients and customers; however, the company is unable to confirm the nature of all the data that has been impacted.
It stated that management is taking the necessary steps to inform stakeholders of this latest development, including data subjects and the OIC.
AFS has sought to assure that it maintains full control of its network and remains vigilant in monitoring the online space.
In the meantime, the company is advising clients and customers to monitor their accounts and online interactions for any unusual or suspicious activities.
The board reiterates its commitment to providing timely updates to regulators, clients, and customers, even as the company continues to take steps to enhance existing cyber-security protocols with a view to strengthening any potential weakness.
