The NBU’s online numismatic store is temporarily unavailable due to a cyberattack on a contractor. Attackers could potentially have gained access to users’ personal data, but no financial information was compromised.
This was reported by the NBU.
The institution noted that the data that could have been accessed included first and last names, phone numbers, email addresses, and delivery addresses for numismatic products.
“At the same time, none of your financial data — payment card details or other confidential information related to banking operations — has been compromised,” the NBU assured.
The National Bank’s data protection and information systems are operating normally. Measures are currently underway to investigate the circumstances of the hack and assess its possible consequences.
The National Bank explained that the attack on the contractor is an example of a so-called supply chain attack — a common tactic used by hackers around the world, where attackers try to find the weakest link in the supply chain. It is noted that the architecture of the systems was designed to isolate contractors from critical systems, which prevented any impact on the NBU’s infrastructure.
The regulator emphasized that no organization in the world can guarantee 100% protection against cyberattacks, but in this case, the incident did not affect critical systems. Users were urged to be vigilant, as potentially compromised data could be used for phishing.
The NBU reminds users that its employees do not send letters asking to confirm data, do not call to clarify information about payment cards, do not ask to pay for orders by alternative methods, and do not send links for “urgent verification.”