Officials claim Bank of Ceylon systems went offline due to a glitch

Earlier today, Bank of Ceylon’s online systems appeared to have gone offline. According to several customers, BOC’s online banking was down for the entirety of the day, with its customer service being equally unresponsive. The Sunday Times reported that Bank of Ceylon was hit with a malware attack. However, BOC’s infosec team has denied the claim, stating that it’s a “glitch in the month-end process.”

While the systems remained inaccessible for most of the day, the Bank of Ceylon finally issued a brief notice announcing that it’s now back online after a technical issue. Although, the bank hasn’t divulged any specifics as to what caused the issue.

Of course, this isn’t the first time a Sri Lankan bank’s systems have gone offline. Sri Lankan banks suspend online operations often over updates and system maintenance-related issues. Further, it’s not uncommon for banking systems to be routine targets for cyber attacks. For instance, both Commercial Bank and Sampath Bank have faced cybersecurity incidents in recent years.

Sri Lanka’s transparency problem

However, BOC’s lack of communication even as its online banking was down for most of the day, does little to appease the average customer. But this is only the latest among a long list of instances where organizations maintain minimal engagement with the public over cybersecurity-related matters.

Recently, ReadMe reported a possible data breach at PickMe dating back to August. While the company refuted all claims and assured users of their data’s safety, PickMe offered no detailed explainer or technical feedback. Even after PayHere’s data breach compromised over 1.5 million records, it wasn’t until mass vocal opposition that the company opted to be more transparent on its post-incident processes.

Now, with the government pushing for digitalization, digital/mobile payment schemes like LankaQR and mobile banking will only go so far as proactive transparency remains a critical component. Of course, legislation like the Personal Data Protection Act has the potential to fill in the gap around data privacy-related issues. But without an active engagement with consumers, a more problematic situation could easily snowball, as the PickMe and PayHere incidents have shown.