Registrar General Department’s system hacked
The Office of the Attorney General said yesterday that the Registrar General Department’s business registration platform was hacked and the stolen information, which is available to the public for a fee, was recently published.
“[W]e regret to confirm that sometime during the month of January 2020, criminal elements associated with a group called Distributed Denial of Secrets unlawfully hacked into the AS400 server housing the Registrar General’s filings information – which is thereafter transferred to the e-services business registration system and stole the information therein housed,” the attorney general’s office said in a press release.
“The said information has recently been published and widely distributed. These acts are breaches of the Data Protection Act and the Penal Code.”
The release added, “A thorough police investigation is also currently underway, along with a review of all digital security systems.
“Based on the findings, all necessary action will be taken to ensure that we maintain the requisite data protection, as we understand the importance of this to upholding Bahamian law, to the business community and to the general public.
“The office of the Registrar General, under the guidance of DTAD (Department of Transformation and Digitization), was already in the midst of upgrading to a new server, with improved security features. This process is now being accelerated.”
The Office of the Attorney General stressed that the leaked information “is required by law to be maintained in the Companies Registry and is readily available to the public upon payment of a search fee”, and that beneficial ownership information, which is also required to be stored electronically, was not compromised as it is stored in a “secured and separate database”.
“Since 2000, as a part of our compliance regime, it has been a legal requirement that a register of directors and officers be filed at the Companies Registry,” it said.
“The Bahamas remains committed to the transparency of its corporate registry.”
Distributed Denial of Secrets, according to its website, is “a transparency collective aimed at enabling the free transmission of data in the public interest”.
Its name is a play on distributed denial-of-service (DDos), a cyberattack which interrupts online access.