Seychelles Commercial Bank (SCB) recently confirmed a cybersecurity incident that led to the temporary suspension of its internet banking services and the exposure of personal information belonging to internet banking customers. While the bank assured customers that no funds were accessed, a hacker operating under the name “ByteToBreach” publicly advertised the sale of SCB client data on a cybercrime marketplace, DarkForums, on July 4.
The stolen data reportedly includes names, dates of birth, phone numbers, addresses, and emails, with some entries even listing government balance accounts.
According to the hacker, the initial breach of SCB’s network occurred on February 5, 2025, with data exfiltration taking place from July 3 to July 4, resulting in 2.2 gigabytes of stolen customer information. ByteToBreach claims to have exploited a vulnerability in Oracle WebLogic Server, which runs the bank’s Oracle Flexcube Private Banking (FCPB/FCDB) application. Despite the presence of Fortinet security, the hacker managed to gain access and, surprisingly, found decryption keys within the bank’s IT environment, enabling them to decrypt some of the stolen data.
Cybersecurity firm Resecurity engaged with the attacker and reviewed a sample of the compromised data, confirming the presence of numerous customer details and account balances.
The hacker also stated that they attempted to communicate with the bank and demanded a ransom, but received “absolutely nothing” in response, prompting them to publicize the breach. In an attempt to further extort the bank, ByteToBreach began directly contacting a subset of SCB customers via email on July 8, informing them of the data compromise.
ByteToBreach claims to have already sold the stolen data at least once for approximately $750 in Bitcoin and also sold “access” to the bank for $6,000. SCB has reported the incident to the police and is implementing additional cybersecurity safeguards, including the suspension of its internet banking platform, to mitigate the risks. The bank apologized to its customers for the breach and the inconvenience caused.
The incident is particularly significant given the Seychelles’ status as a prominent financial center and a jurisdiction often associated with tax haven activities. The potential exposure of sensitive financial data, including government accounts, raises concerns about the archipelago nation’s reputation and could lead to repercussions similar to the 2016 “Panama Papers” leak, which exposed offshore financial dealings of numerous high-profile individuals and organizations.
Reference: