MAZE Team Cyber-Attack: Is Your Information Compromised?
As you might have heard during the weekend, the Banco de Costa Rica has been under the spotlight due to a cyber-attack on more the 5 million of transactions, which has been granted by the hacker Maze Team, so we would like to provide a summary and quick guide on what to do and how to proceed if you think your information has been compromised.
- Maze Team: has confirmed they have sensitive information of BCR clients in their possession and have released a first list (more to come each Friday) of “affected” users.
- BCR: has informed and confirmed that none of their systems have been compromised, and therefore, clients should not be worried about any cyber-attack.
As per today, and since a first list of affected people has been released, it has been confirmed the cyber attack was performed and publicly documented.
To access the list published by Maze Team, a tool was provided by Costa Rican cybersecurity site “Atti Cyber”, on which people must log to access the list.
Nevertheless, accessing this tool provides a new problem: if your information was not compromised, it could be now after accessing an unsecure site.
As per today, users from any bank could start seeing unrecognized purchases in their accounts.
At this point, it is important to understand that Banks are in the obligation to protect and guard your information. Therefore, any breach of information is their responsibility to address and resolve.
Despite of this, if you access any site to confirm any of your data was compromised, you are releasing the Bank from responsibility as you need to consent access before logging in to an untrusted site.
Am I affected?
Since the cyber-attack was made on transactions through BCR dataphones (payment terminals/point of sales), therefore, cards (credit and debit) from any bank could have been compromised.
What can I do?
- Low level measures:
- Write the Bank(s) asking if any of your cards have been compromised every Friday.
- Hire fraud insurance for your cards.
- Mid-level measures:
Cancel all your cards (debit and credit) and ask for new plastic.
- High level measures
Create a new account and transfer all your funds to the new one.
If you experience suspicious activity with any of your cards, contact the bank immediately and file a complaint immediately so that they can resolve your issue, in writing and well documented.
If the bank refuses to assist or refund, let us know so that we can provide further guidance.