Cyber Incident Victim: Access Financial Services
Date:
Feb 2025
Location:
Jamaica
Summary
Access Financial Services detected acybersecurity incident, contained the breach with help from international consultants, and confirmed that unauthorized access led to a data breach. The company reported the breach to the Office of the Information Commission and the police, and later learned that personal data had appeared on the dark web accompanied by a ransom note. It informed affected customers of the breach and noted that ongoing surveillance of the network continues.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
AccessFinancial Services Limited first became aware of a cybersecurity incident on February 26 2025 and immediately initiated containment measures with the assistance of international cybersecurity consultants, which disrupted the unauthorized access and secured its network. The company’s investigation subsequently confirmed that the incident had resulted in a data breach due to unauthorized access to sensitive areas of its systems. In accordance with the Jamaica Data Protection Act, Access Financial Services formally notified the Office of the Information Commission within the prescribed timeframe and also filed a formal report with the police. The organization stated that there has been no further security incident since the containment actions were taken.
Ongoing cyber surveillance conducted by the company revealed that personal data extracted, presumably from its network, was released on the dark web on March 21 2025, accompanied by a posted ransom demand; no direct contact has been made with Access Financial Services by the alleged perpetrators. Affected data subjects include clients and customers, although the company is unable to confirm the exact nature of all data that has been impacted. Management has undertaken steps to inform stakeholders, including the affected data subjects and the Office of the Information Commission, about this development. Access Financial Services has urged its clients and customers to monitor their accounts and online interactions for any unusual or suspicious activity.
The company maintains that it retains full control of its network and remains vigilant in monitoring the online environment, emphasizing that no additional security incidents have been detected since the initial response. Access Financial Services continues to cooperate with relevant authorities and cybersecurity experts to address the breach and support affected individuals. The narrative presented reflects only the factual chronology, impacts, and response actions described in the provided source material.