A recent report by Los Angeles-based cybersecurity firm Resecurity has brought to light a disturbing development targeting offshore banking infrastructure. An extensive cyberattack against Seychelles Commercial Bank (SCB) has compromised sensitive customer data and raised suspicions of a broader espionage campaign disguised as cybercrime.
The incident surfaced on July 4, when a user named “ByteToBreach” advertised the sale of SCB client data on a dark web forum. Although the bank reassured its users that “no funds have been accessed,” it admitted that “this cyber incident resulted in unintentional exposure of personal information of internet banking customers only.”
While many cyberattacks are financially motivated, Resecurity analysts argue that this case may not follow the typical pattern. “The motives behind this activity may not be traditional cybercrime but rather intelligence collection,” notes the report, highlighting the bank’s location in a known offshore tax haven.
Upon investigating the breach, Resecurity discovered a treasure trove of data samples—over 1,200 records containing personally identifiable information (PII) such as names, birthdates, addresses, phone numbers, KYC details, and account balances. Some of the compromised records belonged to government employees and representatives of Seychelles’ State House (Office of the President), which significantly elevated the geopolitical sensitivity of the leak.
The hacker claimed the data was exfiltrated from SCB’s Oracle Flexcube Private Banking system by exploiting an unspecified Oracle WebLogic Server vulnerability. “There is also Fortinet on top of that,” ByteToBreach stated, adding, “I had to download PDF manuals for Oracle FCDB to understand the setup, since it was reasonably secure.”
The attacker’s behavior deviated from typical ransomware campaigns. Although an extortion attempt was made, it was not persistent. Instead, the actor proceeded to leak the data and even sent warning emails to customers: “Your personal data has been compromised by SCB Bank, and they are covering this up.” Resecurity highlighted the unusually low price of the dataset—just $750 in Bitcoin—which further indicated that “the actor was unlikely driven by ‘for profit’ motives,” suggesting espionage and intelligence gathering as the underlying objectives.
This is not an isolated event. Resecurity points to a ransomware attack on the Development Bank of Seychelles (DBS) in 2020, reinforcing the notion that offshore financial institutions are becoming prime targets. While no direct link between the DBS and SCB breaches has been confirmed, the focus on Seychelles—often labeled a “tax haven”—adds a deeper layer of complexity.
“The Seychelles Commercial Bank data leak raises the possibility of Seychelles facing its own version of the ‘Panama Papers,’” warns the report, referencing the infamous 2016 document dump that exposed global financial secrecy.
In response to the breach, the Central Bank of Seychelles confirmed that it had been formally notified and that SCB “has been working with police to investigate the intrusion.” Additional safeguards were enacted, including the temporary suspension of internet banking services.
Resecurity’s investigation has been shared with relevant authorities and the affected financial institutions. The stolen data, with references to internal employee credentials and government accounts, could serve as a springboard for future cyber and fraud operations.