Guaranty Trust Bank (GTBank), one of Nigeria’s leading financial institutions, has confirmed an isolated attempt to compromise its website domain.
The incident, which left the bank’s online platform temporarily inaccessible, was reported by customers late on Wednesday, August 14, 2024.
Users attempting to log into www.gtbank.com encountered error messages, raising concerns about a potential security breach.
The disruption occurred just 24 hours after GTBank renewed its domain name for another five years, extending from August 13, 2023, to March 21, 2029, as noted by various domain analysis platforms.
Cybersecurity experts familiar with the Nigerian banking sector suggest that the breach may have involved an attempt to compromise the bank’s login details rather than the domain itself, possibly to facilitate a phishing scheme aimed at stealing customer data.
No hacker group has yet claimed responsibility for the attack, but it appears that the perpetrators created a fraudulent HTTP layer on the website to deceive users and obtain sensitive information.
As a result, many GTBank customers, unable to conduct transactions through the compromised site, have taken to social media, particularly the platform X, to express their frustrations and concerns about potential data breaches.
Despite the breach, GTBank’s mobile infrastructure remains unaffected, with its iOS and Android apps still operational at the time of reporting.
In response to the incident, GTBank issued a statement on Thursday addressing recent media reports that claimed hackers had seized and cloned its website to intercept customer data.
The bank clarified, “Our attention has been drawn to reports in the media alleging that hackers have seized the Bank’s website, cloned it and intercepted customer data.
“While there was an isolated incident of an attempt to compromise our website domain, we would like to assure all our Customers and Stakeholders that the Bank’s website has not been cloned and that we do not store customer information on our website, and as such, there has been no instance of compromise of customer data.
“We would like to assure all our Customers and Stakeholders that the Bank’s website has not been cloned.”