The GTBank ‘hack’: What we know already…
As you may be aware, the domain of the GTBank website, gtbank.com is unavailable to its customers. According to a statement credited to the bank (via online sources):
“While there was an isolated incident of an attempt to compromise our website domain, we would like to assure all our customers and stakeholders that the bank’s website has not been cloned and that we do not store customer information on our website, and as such, there has been no instance of compromise of customer data”
What we know…
gtbank.com is not available as a GTBank website, currently showing a dummy registration page.
Depositors funds appear to be safe, also as confirmed by the bank and continued service availability of the mobile applications.
We also observed that the Internet Banking Page, ibank.gtbank.com, is still loading and appears to be operational.
What we think…
The ‘hacking’ story seems a bit far-fetched, and the bank seemed to deny it too. So, it seems less of a takeover by suspected hackers but rather domain profiteers. It appears this may just be a case of a delayed domain renewal before expiry – for which domain profiteers were waiting to pounce. Clearly, this is embarrassing for the bank, but people make mistakes, and maybe this is a grave one.
What else might GTBank do….
I consider the bank should inform its customers via their official channels. Yes, there has been an official statement but seems this is really being shared in the other news and web platforms, not GTBank’s. As at the time of this writing, there was no reference information on gtoplc.com (the Group website) or their Instagram handle (@gtbank) or their verified X handle (@gtbank). They may also send information to their customers to avoid them falling to scam links that may be posted on the dummy page.
On a slightly technical level, I suggest the bank should disconnect the ibank.gtbank.com portal from its database. I may not be as experienced as their “Information Security experts” but if someone has takes over the root site, they may as well clone the ibank.gtbank.com as-is and receive login information from unsuspecting customers. So maybe safe to disconnect this channel and keep only the mobile apps running till resolution.
More importantly though, they should inform via their official channels. I consider it might be damage-limitation but if this lingers and without resolution of the incident, it might be even more embarrassing.
