The website domain of Guarantee Trust Bank (GTBank) was the target of a single, isolated effort to breach it.
In response to recent media claims that claimed hackers had taken control of and cloned its website in order to intercept customer data, the bank released a statement on Thursday.
“Our attention has been drawn to media reports alleging that hackers have taken control of the Bank’s website, cloned it, and obtained customer data,” the statement read.
“We would like to reassure all of our customers and stakeholders that the Bank’s website has not been copied and that we do not store customer information on our website, and as such, there has been no instance of compromise of customer data, even though there was an isolated incident of an attempt to compromise our website domain.”
The bank was clear: “We would like to assure all of our customers and stakeholders that the Bank’s website has not been cloned.”
It stated that the domain settings were being carefully restored by the bank’s information security specialists. The message further stated, “Our committed team of information security experts is currently working around the clock to restore domain settings.”
Customers were reassured by GTBank of its dedication to data protection and advised to ignore the statements made in the media. The bank said, “We assure you of our unwavering commitment to safeguarding customer data and urge all of our customers to please disregard the claims in these media reports.”
Concerns regarding the security of their financial and personal information were raised when users uploaded pictures of the purportedly compromised website.
Numerous people have urged GTBank to take swift action to resolve the issue and guarantee the security of client information.
According to SERAH Ibrahim, an X user, the alleged hacking began on Wednesday night. She continued by saying that the website’s second HTTP layer was apparently designed by the accused hackers as a phishing attempt to obtain user information.
Serah Ibrahim, for example, wrote: “As of Wednesday night, August 14, 2024, it appears that suspected cybercriminals have compromised the domain address of GTBank, a major financial institution in Nigeria.
As of yet, no hacker has taken credit for the vandalism, which seems to have begun at midnight on August 14.
Already, it looked as though the attackers had added a second HTTP layer to the website in an apparent attempt to use phishing to acquire user information.
According to a cybersecurity specialist with knowledge of the Nigerian banking sector, it’s more likely that the bank’s login credentials were stolen rather than the domain name itself being taken for online resale at a higher price.
The domain name Gtbank is now controlled by the hackers or anyone they decide to sell it to as a result of this phishing attack.
This raises the question of whether GTBank, one of Nigeria’s largest banks, was lacking a DNSSEC setup, which may have stopped or lessened this intrusion.
Since the bank’s iOS and Android-based applications are still in use, it does not appear that the mobile infrastructure of the bank has been impacted.
“This week, a significant number of GTBank employees will undoubtedly lose their jobs,”