Cyber Incident Victim: Banco Nacional de Panamá

On May 6-7, 2016, the National Bank of Panama experienced a distributed denial-of-service (DDoS) attack as part of a coordinated campaign by the hacktivist collective Anonymous and their affiliate Ghost Squad. This incident occurred during Operation Icarus, a month-long series of cyberattacks targeting global financial institutions. The attackers successfully disrupted the bank's online services, temporarily taking its official website offline alongside the Central Bank of Kenya. This followed similar attacks the previous day against four other central banks, including those of the Dominican Republic, Guernsey, Maldives, and the Netherlands. Anonymous had publicly announced their intentions through a video released on May 4, declaring their objective to execute "one of the most massive attacks ever seen" against the banking sector. The group published a target list of 160 financial institutions that included major entities like the World Bank and Federal Reserve.

The National Bank of Panama was specifically highlighted by attackers as a priority target due to its connection to the Panama Papers leaks, which had exposed offshore financial activities of prominent global figures weeks earlier. Anonymous members stated they sought accountability for corrupt elites implicated in the documents. While the bank restored its website functionality shortly after the attack, the incident demonstrated vulnerabilities in critical financial infrastructure. The operation impacted at least ten central banks total, including subsequent attacks on institutions in Greece, Cyprus, Mexico, and Bosnia and Herzegovina. This campaign occurred amid heightened cybersecurity concerns for banks following major breaches at Bangladesh Bank and Qatar National Bank earlier in 2016. No data theft or financial losses were reported from the DDoS incidents, but the attacks highlighted hacktivists' ability to disrupt essential online banking services through relatively unsophisticated means.