Cyber Incident Victim: National Bank of Pakistan

The National Bank of Pakistan (NBP) experienced a destructive cyberattack on or around October 28, 2021, which significantly disrupted its operations. The bank initiated an immediate response by shutting down its main data center and critical systems to contain the attack’s spread and mitigate further damage. This proactive containment measure caused widespread operational interruptions across the bank’s services. Internal incident response protocols were activated to assess the scope of the compromise and begin recovery efforts. The attack’s destructive nature suggested potential data loss or irreversible system damage, though specific technical details regarding the attackers’ methods or entry vectors were not publicly disclosed. The disruption impacted core banking functions, creating challenges for both internal operations and customer-facing services.

NBP’s management publicly acknowledged the cyber incident, confirming operational disruptions and the implementation of their cybersecurity response framework. The bank engaged external cybersecurity experts to assist with forensic analysis, system restoration, and investigation into the attack’s origins. The State Bank of Pakistan, the country’s central bank, was formally notified of the breach as part of regulatory compliance procedures. Recovery efforts prioritized securely restoring systems to minimize prolonged downtime, though the process necessitated extended service limitations. Customers experienced interruptions to online banking platforms and ATM transactions, highlighting the attack’s tangible effects on financial service accessibility. The incident underscored broader vulnerabilities within financial sector infrastructure to disruptive cyber threats.