Cyber Incident Victim: Banque de l'Habitat du Sénégal
Date: Dec 2024
Location: Senegal
Summary
A ransomware attack by the LockBit group targeted Banque de l'Habitat du Sénégal, compromising 500,000 client records and disrupting banking services, with attackers demanding a $1 million ransom. The incident exposed critical cybersecurity vulnerabilities across multiple Senegalese financial institutions, including outdated IT systems, inadequate client data protection, and exploitable website weaknesses at banks such as BICIS, Société Générale, Crédit du Sénégal, and BNDE. This breach highlighted systemic risks to national financial infrastructure and sensitive customer information.
Description
In December 2024, the Banque de l’Habitat du Sénégal (BHS) suffered a cyberattack attributed to the LockBit group, resulting in the theft of approximately 500,000 client records and a complete paralysis of banking services. The attackers demanded a ransom of one million dollars, marking a significant breach of the institution’s security infrastructure. This incident exposed systemic vulnerabilities within BHS, including outdated IT systems and insufficient data protection measures, which facilitated unauthorized access to sensitive customer information. The attack disrupted financial operations, preventing customers from accessing services and undermining public confidence in the bank’s ability to safeguard personal and financial data. LockBit’s infiltration highlighted critical weaknesses in BHS’s cybersecurity posture, particularly the absence of robust defenses against sophisticated ransomware operations.

Following the breach, Deputy Guy Marius Sagna formally alerted Senegal’s Minister of Economy and Finance to broader cybersecurity deficiencies across multiple national financial institutions, including BICIS, Société Générale Sénégal, Crédit du Sénégal, BNDE, and CBAO. Investigations revealed these banks operated with obsolete IT infrastructure, unsecured websites, and inadequate protocols for protecting client data, collectively exposing Senegal’s financial sector to elevated risks of exploitation. Sagna’s intervention emphasized the BHS attack as a catalyst for urgent governmental action, demanding transparency regarding post-incident remediation efforts, existing cybersecurity standards, and oversight mechanisms for compliance. The incident underscored operational and reputational damage to BHS, while parliamentary inquiries focused on the government’s capacity to enforce cybersecurity reforms, enhance inter-institutional collaboration, and implement public awareness initiatives to mitigate future threats. No specific details regarding ransom payment, data recovery, or technical countermeasures were disclosed in the available correspondence.
