Islamabad: The National Bank of Pakistan (NBP) has confirmed reports it suffered a cyberattack but said that so far no data appeared to have been stolen.
“No customer or financial data has been compromised,” the bank said in an official statement following the cyberattack on its IT infrastructure on October 29. NBP assured its customers that their “financial data has not been compromised and has remained protected, confidential and secured.”
The State Bank of Pakistan said that the NBP had “reported a cybersecurity-related incident which is being investigated.” Pakistan’s central bank said it is monitoring the situation closely to ensure the safety of the country’s banking system. “NBP has not observed any data breach or financial loss,” said the SBP, adding that no other bank had reported such an incident.
Describing the incident, NBP said: “In the late hours of the 29th and early morning of the 30th October, a cyber-attack on the NBP’s servers was detected which impacted some of its services. Immediate steps were taken to isolate the affected systems.” NBP’s teams, supported by top specialists, worked over the last 48 hours to resolve the issue.
The NBP later said that it has “countered the threats and repaired the affected parts of its systems.” The bank restored all banking services including ATMs and the disbursement of salaries and pensions on November 1, 2021.
It has not been confirmed whether the incident was a ransomware attack, a data breach or a distributed denial-of-service (DDoS) attack.
Talking to Gulf News, cyber security expert Haroon Ali said: “Although NBP did not disclose the nature of the incident, however, the new national cyber security policy 2021 recently introduced by Pakistan’s Ministry of Information Technology has been effective so far in terms of incident disclosure, in this case, increasing awareness in the industry that cyber threats continue to evolve and no institution is immune to it.”
Suggesting measures to prevent the recurrence of cyber threats, he said: “The government needs to develop a framework and risk mitigation guidelines where a minimum level of cyber threat deterrence is maintained by the country’s critical infrastructure institutions which include the banks.” Pakistan should introduce industry-specific regulatory compliance that requires financial institutions to implement sufficient information security protections.
Pakistan’s Federal Board of Revenue (FBR) database also suffered cyberattacks earlier. Minister Shaukat Tarin had informed the National Assembly that FBR portals were subjected to 71,000 cyberattacks every month on average.