Cargills Bank issues update on cyber security incident and ongoing protective measures

Friday, 18 April 2025 00:00 - - {{hitsCtrl.values.hits}}

Cargills Bank has issued a further update on the actions taken following the cyber security incident, in addition to its public notices issued on 21 March, 25 March and 2 April 2025.

Following is the full statement:

Immediate and ongoing response

Upon becoming aware of the incident, the bank’s actions were as follows:

Engaging with local and internationally renowned cyber security experts to undertake an immediate investigation into the incident, conduct a detailed forensic investigation, strengthen security measures, and enhance our future cyber security framework.
Notifying the regulator and providing continuous updates.
Reporting the incident to the Computer Crimes Division of the Criminal Investigation Department (CID) and coordinating with the law enforcement authorities.
Enhancing our network security infrastructure to safeguard against further threats.
Maintaining uninterrupted operations across all banking channels, with no breach to our core banking systems or customer accounts.
Making public disclosures via the Colombo Stock Exchange (CSE), our official website, and social media channels (Facebook and LinkedIn).
Initiating legal proceedings to protect customer and stakeholder information.
Briefing and equipping all staff members to ensure seamless customer service and heightened vigilance.
Reaching out directly to customers to inform them about the incident and to reassure them of the measures in place.

From the outset, we have been communicating verified updates as our investigation has progressed. We understand the importance of keeping our customers and stakeholders informed with verified information, and we remain fully committed to doing so.

Protecting customer and stakeholder information

We continue to monitor the situation closely. Should any customer or stakeholder’s material information be identified as compromised, we will contact them directly on any action required.

We wish to reassure you that there is no financial risk to customers, the bank or financial transactions as a result of this incident. The systems responsible for processing and safeguarding banking activities remain fully secure and unaffected. We have taken measures to strengthen the security environment of the bank with the support of cyber security experts.

We have also initiated legal proceedings to protect customer and stakeholder information by seeking a preventive court order aimed at restricting the unlawful sharing of compromised data. This step was taken solely to uphold the privacy and security of those affected. We urge the public not to share any customer information they receive as it would only victimise those whose information has been compromised.

Financial strength and operational stability

Cargills Bank’s financial and liquidity position remains robust and our capital adequacy ratios are well above regulatory requirements.

Commitment moving forward

We sincerely thank you for your continued trust and understanding. Cargills Bank remains fully committed to managing this incident with transparency, care, and responsibility. We continue to strengthen our systems in line with international best practices, working closely with cyber security experts and local regulatory authorities to ensure the highest levels of protection for our customers, employees, and stakeholders.