Coat of Arms BARBADOS STATISTICAL SERVICE Barbados Flag
Menu Close

The Barbados Statistical Service takes safeguarding information seriously and promises a quick and thorough response to security incidents.  

Updates on Cyber Incident 

The Barbados Statistical Service recently experienced a cyber incident. Below is the latest information on the incident.  

Ongoing investigations suggest that the systems of the BSS were breached on October 29, 2024. Data was taken from the BSS’s systems by a criminal ransomware group. This breach has affected several of the BSS’ servers, including those housing sensitive personal and statistical data. The data involved includes employee HR records and information captured for research purposes by the BSS. 

Within 24 hours of the detection of the intrusion into the systems of the BSS, a Cybersecurity Incident Response team, led by the BDF Cyber Unit and the Ministry of Information Science and Technology was mobilised and deployed, to investigate and contain the incident.   

The BSS isolated affected systems and engaged cybersecurity experts to secure their network.  The incident has been contained. 

The breach impacted the BSS’ file servers, domain controllers, and other critical systems. BSS backups have allowed data and essential services to be restored. Data has not been lost. 

In accordance with the Data Protection Act, the Data Protection Commissioner was advised of the incident. The BSS will continue to maintain open channels of communication with the Commissioner and other partner agencies. 

It is possible that information stolen by the threat actors may be used for illicit purposes including: 

  • Online impersonation 
  • Selling data to other illegal actors 
  • Phishing attacks 
  • Extortion 
  • Accessing secure accounts 

The BSS understands and takes seriously its obligation to preserve public trust in the very important work of this department. With the increasing frequency of these types of attacks globally, we continue to invest in and secure our systems against these types of attacks, 

If you have any questions, feel free to reach out to us at dataprotection@barstats.gov.bb or fill out the contact form at the bottom of this page.

Frequently Asked Questions

When did the cyber incident take place?

The incident took place between October 29, 2024 and October 31st, 2024 

When was it discovered?

The incident was discovered on October 31, 2024 

How soon was the public informed?

The Data Protection Commissioner was immediately notified. Within 24 hours, an incident response team was mobilised to assess and contain the incident. The first public statement was issued on November 12, 2024. 

How often have you been providing updates to the public?

Since the first public statement, the Barbados Statistical Service (BSS) and Ministry of Industry, Innovation, Science and Technology (MIST) have updated the public at regular intervals. 

Who has been working to solve this issue?

Resources have been mobilised from across the Government. The incident response team, has been supported by BSS and MIST. The Office of the Prime Minister has dedicated significant resources as well.

What steps have been taken to recover any stolen information?

When the incident was discovered, all systems were immediately taken offline. Since then, the incident response team has been working tirelessly to restore data from secure backups. 

How did this happen?

Investigations show that threat actors gained access through a compromised user account. 

What does BSS have in place to prevent these attacks?

BSS continuously invests in building our cyber capacity. We have appropriate tools and technology in place to protect against attacks. But, as we know that there are individuals and groups who work to infiltrate these systems, we continue to strengthen our safeguards. 

What kinds of information were accessed?

The data involved includes employee HR records and information captured for research purposes by the BSS.

What steps will BSS take to keep the public informed?

We have set up this web page that people can access at any time to get updates, and information on how to stay safe online. You can also find this information on our social media pages on Facebook and Instagram

When will this be over?

We have already contained the incident. That means we have strengthened internal measures against any further damage. But we continue to work on identifying and recovering affected data. 

What to do 

If you suspect your identity or sensitive details about you, or your business, have been stolen, consider the following: 

1. Contact and Cancel

 

    • Contact the business or entity where someone pretending to be you has committed fraud. 
    • Explain that your identity has been stolen 
    • Close new accounts in your name 
    • Ask the business to officially confirm that the activity was not done by you 
    • Contact the government entity that issued the compromised ID or holds the stolen information. 
    • Ask them to cancel or reissue the ID 
    • Follow the instructions set out by the entity for this 
    • Note that this might take some time, as agencies need to check a lot of information again. Be patient. 
    • Destroy or surrender any copies of old IDs  
    • Update bank and other accounts with the new ID information 
    • Before you receive the new details, notify your bank, workplace, or school that your identity has been stolen 
    • Notify credit bureaus that fraudsters might be using your details to carry out transactions  
    • Ask them to put a fraud alert on your credit report 
    • Cancel or change the password or authentication method for all possibly affected online services 
    • For utilities such as water or electricity, ask for your account to be investigated or closed 


 2. Report it to the Police

    •  Report any indication that your identity has been stolen to the police  
    • Suspicious incidents include unverified credit card charges, notification of new loan or credit card applications, missing bills or letters 
    • If impersonators use your identity to commit crimes, ask for the imposter’s real name (rather than yours) to appear in police and court records.  

How you can secure your information 

1. Everyday Tips

    • Avoid sharing ID information with others, especially online (Trident ID, passport, NIS number, etc.)  
    • It doesn’t matter who it is. Your ID information should be shared only when strictly necessary 
    • Monitor all letters, emails, text messages or phone calls you receive 
    • Fraudulent email addresses can look ‘official’ 
    • Instead of replying to messages directly, or calling the number listed in the message, contact the business using their official contact information to verify the message  
    • If you get a text to pay your electricity bill now or your service will be disconnected, do not answer the text. Don’t call the number in the text. Don’t click on any link in the text. Call or visit Barbados Light & Power to confirm.  
    • Be suspicious of contact from numbers you don’t recognise, but the people claim to be family members. Always call to check 
    • Monitor your credit closely 
    • Check any charges you do not recognise or recall 
    • Monitor your financial transactions closely, especially those done online or with credit cards 
    • Monitor utility bills for unusual charges  


 2. Protect yourself online
 

    • Don’t use the same password for everything  
    • Use strong password generators or three random words to create a strong password 
    • Change passwords frequently  
    • Consider using a secure password manager to store them 
    • Use multi factor authentication (MFA) where possible 
    • This is where you have to sign in two different sources like your phone and your computer to gain access to your accounts 
    • Use a secure internet connection 
    • If you suspect your device is being attacked, disconnect it from the internet immediately 
    • Get educated 
    • If your school or workplace has cybersecurity training, take it seriously 
    • Threat actors usually impose use time deadlines or emotional manipulation to force us to act quickly 
    • Training prepares us to respond appropriately in a crisis 

 How BSS safeguards information

The mandate of the Barbados Statistical Service (BSS) is to provide reliable and timely key economic and social statistics which decision makers and other users need. We remain dedicated to this mission while continuing to prioritize the privacy and security of the public we serve. 

The BSS is taking several measures to continue to safeguard information going forward. This includes making greater use of techniques to prevent accessing and using any information we store. Our systems have also been hardened to lessen the possibility of future reoccurrences.

Please use the form below if you have further questions.

Copy link
Powered by Social Snap