We wish to provide a further update on the actions taken by Cargills Bank following the cybersecurity incident disclosed in our public notices dated 21 March 2025, 25 March 2025, and 2 April 2025.
Our Immediate and Ongoing Response
Upon becoming aware of the incident, the Bank’s actions were as follows:
- Engaging with local and internationally renowned cybersecurity experts to undertake an immediate investigation into the incident, conduct a detailed forensic investigation, strengthen security measures, and enhance our future cybersecurity framework.
- Notifying the regulator and providing continuous updates.
- Reporting the incident to the Computer Crimes Division of the Criminal Investigation Department (CID) and coordinating with the law enforcement authorities.
- Enhancing our network security infrastructure to safeguard against further threats.
- Maintaining uninterrupted operations across all banking channels, with no breach to our core banking systems or customer accounts.
- Making public disclosures via the Colombo Stock Exchange (CSE), our official website, and social media channels (Facebook and LinkedIn).
- Initiating legal proceedings to protect customer and stakeholder information.
- Briefing and equipping all staff members to ensure seamless customer service and heightened vigilance.
- Reaching out directly to customers to inform them about the incident and to reassure them of the measures in place.
From the outset, we have been communicating verified updates as our investigation has progressed. We understand the importance of keeping our customers and stakeholders informed with verified information, and we remain fully committed to doing so.
Protecting Customer and Stakeholder Information
We continue to monitor the situation closely. Should any customer or stakeholder’s material information be identified as compromised, we will contact them directly on any action required.
We wish to reassure you that there is no financial risk to customers, the bank or financial transactions as a result of this incident. The systems responsible for processing and safeguarding banking activities remain fully secure and unaffected. We have taken measures to strengthen the security environment of the bank with the support of cybersecurity experts.
We have also initiated legal proceedings to protect customer and stakeholder information by seeking a preventive court order aimed at restricting the unlawful sharing of compromised data. This step was taken solely to uphold the privacy and security of those affected. We urge the public not to share any customer information they receive as it would only victimize those whose information has been compromised.
Financial Strength and Operational Stability
Cargills Bank’s financial and liquidity position remains robust and our capital adequacy ratios are well above regulatory requirements.
Our Commitment Moving Forward
We sincerely thank you for your continued trust and understanding. Cargills Bank remains fully committed to managing this incident with transparency, care, and responsibility. We continue to strengthen our systems in line with international best practices, working closely with cybersecurity experts and local regulatory authorities to ensure the highest levels of protection for our customers, employees, and stakeholders.