ICWI issues alert to clients after cyberattack
The Insurance Company of the West Indies (ICWI) is warning customers to be on the lookout for strange emails, texts and calls with suspicious requests, amid an ongoing investigation into a July cyberattack during which data may have been breached.
In a communication to customers, the company shared that there was a cyber incident on July 31, in which there was unauthorised access to its information technology system.
However, the company said, “In response, we took immediate action, including taking our servers offline to contain the situation. We have engaged a cybersecurity specialist to thoroughly investigate the matter, asses its impact, secure our environment and systematically facilitate the restoration.
“Our investigation is still ongoing and we have yet to determine the full extent of the incident but it is important that we inform all the relevant authorities in the territories in which we operate and, of course, that we let all our valued customers know what has happened.”
So far the company said it is confident that the security risk has now been remedied, and the risk of any further data breaches has been mitigated as best as possible.
“To date, we are unaware of any reports of improper use of information due to this incident, but we strongly recommend that you should always be vigilant and guarded against unsolicited phone calls, emails, and phishing activity in your inbox,” the company further indicated.
ONGOING INVESTIGATION
In the meantime, ICWI President Paul Lalor said, “What we do know is that they got into the system and they claimed to have taken some information from the system. We are not 100 per cent sure exactly what they have yet, but that is what the investigation is trying to glean.”
He added, “It is a potential that they have some data, but there is nothing too sensitive that we retained on our system and, from a financial perspective, none of our clients are at risk from a financial basis and so we are happy about that as it is a conscious policy that we took not to ever store any data which might expose people from a financial perspective.”
He noted that, though the hackers might have obtained phone numbers and email, that has not yet been verified.
According to Lalor, the investigation, which is being done by cyber experts from the United States, is expected to wrap up in the next few weeks.
He added further that there have been widespread cyberattacks in the island over the last six to eight months and that several companies are suffering.
However, Lalor said since the incident, the company has ramped up its security system.
“We have doubled down on our security and we are hopeful the next threat actor will find it far more difficult to get into our systems,” he said.
At a media roundtable last week, it was reported that cybercriminals have targeted security systems in Jamaica four million times in the first half of this year, a significant decline from the 43 million times recorded in 2023.
Cybersecurity experts from computer security provider in Latin America and the Caribbean, Fortinet, cautioned during the meeting that this is an indication that cybercriminals have become more strategic in their attacks.