Cyber Incident Victim: Financial Services Commission

The Financial Services Commission (FSC) of Jamaica publicly disclosed a cybersecurity incident on September 1, 2023, characterizing the event as a cyberattack impacting its operations. The organization activated its incident response protocols by engaging specialized cybersecurity experts from two national agencies—the Jamaica Cyber Incident Response Team (Ja-CIRT) and the Major Organised Crime and Anti-Corruption Agency (MOCA). These teams worked aggressively to assess the scope and severity of the breach, though the FSC did not disclose technical specifics regarding attack vectors, compromised systems, or data exfiltration. In an official statement, the FSC emphasized its commitment to system security and stated it was addressing the situation with urgency while prioritizing the protection of personal information belonging to staff and stakeholders. The commission maintained operational continuity during the investigation but cautioned that service delays might occur across its stakeholder-facing processes.

Despite the disruption, the FSC implemented measures to safeguard sensitive data while investigators analyzed the incident’s origins and impacts. No timeline for full resolution was provided, with the organization pledging to share further updates as the inquiry advanced. Stakeholders were advised to anticipate prolonged response times for inquiries and transaction processing due to residual system constraints. The FSC’s communications focused on maintaining transparency regarding operational status without revealing tactical details of the attack or mitigation efforts, reflecting standard incident response protocols during active investigations. Recovery priorities centered on restoring normal service delivery while preserving evidence for forensic analysis. The involvement of Ja-CIRT and MOCA indicated coordination with national cybersecurity and law enforcement frameworks to manage both technical and regulatory dimensions of the breach.