Cyber Incident Victim: National Treasury Management Agency

On February 7, 2017, the National Treasury Management Agency (NTMA) temporarily suspended access to its public-facing website following the detection of an unauthorised remote attempt to publish content. The agency identified a hacking incident involving efforts to alter website content, which resulted in the appearance of a message stating "Long Live Peshmerga" on the site. As a precautionary security measure, NTMA immediately restricted public access to the affected platform upon discovering the compromise. The agency activated its standard IT security protocols in response to the intrusion attempt, though the exact duration of the website's downtime was characterized as lasting "several hours" during containment efforts. NTMA officials emphasized that the compromised website operated on separate infrastructure with no connectivity to the agency's core financial systems or operational networks, limiting the incident's technical scope to the externally hosted web presence.

The website suspension did not disrupt NTMA's financial operations or internal IT infrastructure, according to official statements released during the incident. Agency representatives confirmed that critical functions including sovereign debt management activities proceeded without interruption, with an upcoming €1.25 billion bond auction scheduled for February 9 remaining on track. The planned auction involved two bond tranches maturing in 2022 and 2026 respectively, part of NTMA's broader €9-13 billion long-term debt issuance strategy for 2017. While the website remained temporarily inaccessible to the public, NTMA communicated that restoration efforts were prioritized and would conclude once security verification processes completed. No additional compromises beyond the website defacement attempt were disclosed, with the agency maintaining that its primary systems and January 2017 €4 billion debt syndication operations remained unaffected throughout the incident.