SWIFT, the financial messaging service, has said in a press release that there is no indication that its network or core services have been compromised amid allegations that two services bureaus may have been targeted to gain unauthorized access to bank customers’ data.
As reported by Reuters, a hacking group calling itself the Shadow Brokers recently released allegations that service bureaus in the Middle East and Latin America may have been compromised by third parties. The allegations date back several years. Service bureaus are third-party providers that operate a connection to SWIFT for firms that wish to outsource their day-to-day operation of the SWIFT connection. In its release, SWIFT said that it is in close contact with the service bureaus in question to ensure that they are implementing appropriate preventive measures.
SWIFT recommends that customers pay close attention to their own security and keep in mind security issues when choosing a service bureau or other third-party provider. The effects of any vulnerabilities can be mitigated by immediately installing security updates and patches. SWIFT is working through its Customer Security Programme to provide tools and guidance about security to its customers and will keep customers updated through its Security Notification Service.
SWIFT said that there has been no impact on its infrastructure or data and that there is no evidence to suggest that unauthorized access has occurred to its network or messaging services.
Service bureaus must register under SWIFT’s Shared Infrastructure Programme (SIP), which outlines the legal, financial and operational requirements with which services bureaus must comply. The SIP should not be considered a substitute for customers to perform their own security checks and due diligence, the messaging service noted.
– Adam Fusco, associate editor