Cyber Incident Victim: Cayman National Bank (Isle of Man) Limited
Date: Jan 2016
Location: Isle of Man
Summary
Cayman National Bank (Isle of Man) Limited confirmed a data breach attributed to the politically motivated hacker or group Phineas Fisher, who claimed responsibility for stealing funds and documents while framing the act as activism against economic inequality. The bank stated no evidence of financial losses to itself or customers but acknowledged ongoing criminal investigations and cooperation with law enforcement, alongside forensic IT reviews to protect clients. Phineas Fisher distributed stolen materials through the leaking platform Distributed Denial of Secrets and publicly incentivized others to conduct similar hacks, emphasizing the intrusion as a form of cybercrime-driven social justice rather than personal gain.
Description
In 2016, Cayman National Bank (Isle of Man) Limited suffered a data breach perpetrated by the hacker or hacking collective known as Phineas Fisher, who publicly claimed responsibility for infiltrating the bank, stealing funds, and exfiltrating internal documents. The breach remained undisclosed by the bank until September 2025, when Cayman National confirmed the incident following investigative reporting by Motherboard, which revealed Phineas Fisher’s targeting of the institution. The hacker described the operation as an act of economic activism, stating they "robbed a bank and gave the money away" to challenge financial inequality, framing the theft as a redistribution of wealth from the "global financial elite." Phineas Fisher provided stolen bank documents and emails to Distributed Denial of Secrets, an activist leak platform operated by Emma Best, amplifying the breach’s exposure. While the bank acknowledged the data theft and its collaboration with law enforcement to identify perpetrators, it asserted no evidence of financial losses affecting customers or the institution itself.

Cayman National characterized the incident as part of a broader campaign against multiple banks by a "criminal hacking group," initiating a specialist IT forensic investigation to assess the breach’s scope and reinforce security measures protecting clients of its Isle of Man bank and trust divisions. A criminal investigation remained active at the time of the bank’s September 2025 statement, with authorities working to attribute responsibility. Phineas Fisher’s manifesto and statements to Motherboard emphasized ideological motives, rejecting personal profit and framing the hack as cybercrime aligned with social change objectives, consistent with their prior intrusions such as the 2015 breach of Hacking Team. The hacker concurrently offered $100,000 bounties to recruit others for politically motivated attacks, expanding their campaign’s reach. The bank’s public response focused on containment, client protection, and regulatory cooperation, avoiding direct acknowledgment of Phineas Fisher’s identity or the 2016 intrusion timeline while confirming the compromise’s occurrence.
