Seychelles Commercial Bank has confirmed a cybersecurity incident that led to the compromise of personal information belonging to its internet banking customers. While no financial losses were reported, the attack has triggered concerns over data security in the banking sector of one of the world’s smallest island nations.
Bank suspends online services following breach
The bank detected and contained the breach recently, leading to a temporary suspension of its internet banking platform. Customers were advised to rely on ATMs or visit physical branches for their transactions while systems remained offline. In its public notification, the bank clarified that the breach was limited to personal data and reassured customers that no money was stolen.
Details shared by cybersecurity researchers suggest that the stolen data includes customer names, phone numbers, email addresses, account types, and balances. Some of the affected accounts were marked as government-linked, raising further concern. The Central Bank of Seychelles has been formally notified about the breach.
Attacker claims to have sold sensitive customer data
According to findings from Los Angeles-based cybersecurity firm Resecurity, a hacker has claimed responsibility for the attack and has already sold portions of the compromised data. The firm verified samples of the stolen information and found them to include identifiable details linked to both individuals and institutions.
This development has exposed systemic risks in digital banking security, especially in smaller economies where cybersecurity infrastructure may not match the pace of digital service expansion. While the bank acted swiftly to contain the breach, the delayed disclosure of specific attack vectors and mitigation measures has left customers seeking more clarity.
Regulatory oversight and response remain limited
As of now, there has been no indication of formal penalties or follow-up actions from Seychelles’ financial regulatory bodies beyond acknowledging the notification. The incident underscores the increasing need for proactive threat monitoring and rapid incident response even in smaller jurisdictions.
The bank’s next steps—including how it plans to secure customer data going forward and whether impacted clients will receive credit monitoring or other support—remain unclear. However, the breach adds to a growing list of financial institutions globally that have suffered cyber intrusions without immediate financial impact but with long-term consequences for trust and data safety.
