Cyber Incident Victim: Seychelles Commercial Bank
Date:
Jul 2025
Location:
Seychelles
Summary
A hacker claimed to have stolen and sold personal data of clients of Seychelles Commercial Bank, which confirmed the breach and said only personal information, not funds, was compromised. The bank notified affected customers and noted that the data exposed could be relevant given Seychelles' status as a jurisdiction with notable tax haven characteristics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 15, 2025, Seychelles Commercial Bank issued a notification to its customers after a hacker claimed to have stolen and sold the personal data of the bank's clients. The bank confirmed that it had been made aware of the hack and informed affected individuals that only personal information, not monetary assets, had been compromised. The statement emphasized that no funds were taken from accounts during the incident. The bank did not disclose the specific method used by the attacker or the exact volume of records involved. The notification was delivered through the bank's standard customer communication channels.
The hacker's claim indicated that the stolen personal data had been offered for sale. Seychelles Commercial Bank reiterated that the breach did not involve any financial loss for customers. The incident drew attention due to the jurisdiction's reputation as a tax haven, with Seychelles ranked 45th on the Corporate Tax Haven Index by the Tax Justice Network. No further details about containment measures, forensic analysis, or timeline of the breach were provided in the available source. The bank's response remained limited to the customer notification and the clarification regarding the nature of the compromised data.