The Barbados Statistical Service takes safeguarding information seriously and promises a quick and thorough response to security incidents.
Updates on Cyber Incident
The Barbados Statistical Service recently experienced a cyber incident. Below is the latest information on the incident.
Ongoing investigations suggest that the systems of the BSS were breached on October 29, 2024. Data was taken from the BSS’s systems by a criminal ransomware group. This breach has affected several of the BSS’ servers, including those housing sensitive personal and statistical data. The data involved includes employee HR records and information captured for research purposes by the BSS.
Within 24 hours of the detection of the intrusion into the systems of the BSS, a Cybersecurity Incident Response team, led by the BDF Cyber Unit and the Ministry of Information Science and Technology was mobilised and deployed, to investigate and contain the incident.
The BSS isolated affected systems and engaged cybersecurity experts to secure their network. The incident has been contained.
The breach impacted the BSS’ file servers, domain controllers, and other critical systems. BSS backups have allowed data and essential services to be restored. Data has not been lost.
In accordance with the Data Protection Act, the Data Protection Commissioner was advised of the incident. The BSS will continue to maintain open channels of communication with the Commissioner and other partner agencies.
It is possible that information stolen by the threat actors may be used for illicit purposes including:
- Online impersonation
- Selling data to other illegal actors
- Phishing attacks
- Extortion
- Accessing secure accounts
The BSS understands and takes seriously its obligation to preserve public trust in the very important work of this department. With the increasing frequency of these types of attacks globally, we continue to invest in and secure our systems against these types of attacks,
If you have any questions, feel free to reach out to us at dataprotection@barstats.gov.bb or fill out the contact form at the bottom of this page.
Frequently Asked Questions
When did the cyber incident take place? The incident took place between October 29, 2024 and October 31st, 2024
When was it discovered? The incident was discovered on October 31, 2024
How soon was the public informed? The Data Protection Commissioner was immediately notified. Within 24 hours, an incident response team was mobilised to assess and contain the incident. The first public statement was issued on November 12, 2024.
How often have you been providing updates to the public? Since the first public statement, the Barbados Statistical Service (BSS) and Ministry of Industry, Innovation, Science and Technology (MIST) have updated the public at regular intervals.
Who has been working to solve this issue? Resources have been mobilised from across the Government. The incident response team, has been supported by BSS and MIST. The Office of the Prime Minister has dedicated significant resources as well.
What steps have been taken to recover any stolen information? When the incident was discovered, all systems were immediately taken offline. Since then, the incident response team has been working tirelessly to restore data from secure backups.
How did this happen? Investigations show that threat actors gained access through a compromised user account.
What does BSS have in place to prevent these attacks? BSS continuously invests in building our cyber capacity. We have appropriate tools and technology in place to protect against attacks. But, as we know that there are individuals and groups who work to infiltrate these systems, we continue to strengthen our safeguards.
What kinds of information were accessed? The data involved includes employee HR records and information captured for research purposes by the BSS.
What steps will BSS take to keep the public informed?
When will this be over? We have already contained the incident. That means we have strengthened internal measures against any further damage. But we continue to work on identifying and recovering affected data.
What to do
If you suspect your identity or sensitive details about you, or your business, have been stolen, consider the following:
1. Contact and Cancel
2. Report it to the Police
How you can secure your information
1. Everyday Tips
2. Protect yourself online
How BSS safeguards information
The mandate of the Barbados Statistical Service (BSS) is to provide reliable and timely key economic and social statistics which decision makers and other users need. We remain dedicated to this mission while continuing to prioritize the privacy and security of the public we serve.
The BSS is taking several measures to continue to safeguard information going forward. This includes making greater use of techniques to prevent accessing and using any information we store. Our systems have also been hardened to lessen the possibility of future reoccurrences.
Please use the form below if you have further questions.