Deposit Protection Corporation website briefly compromised, issue promptly resolved but questions remain

Leonard Sengere

Late last month, we discussed Zimbabwe being the third most cyber-attacked country in the world. Certain reports supported this claim, although many disagreed with the ranking.

Maybe we aren’t third, but the fact remains—we have a cybersecurity problem. Over the years, we’ve spoken to many ‘IT guys’ in this country who confirm that Zimbabwean organisations are regularly attacked. However, they often don’t report these incidents.

Case in point:

DPC briefly compromised

The Deposit Protection Corporation of Zimbabwe (DPC) primarily exists to protect depositors against the loss of their money if a financial institution fails.

Last week, the DPC experienced a brief security issue on their official website, during which inappropriate content was displayed. The content appeared in a foreign language, suggesting that the breach may have been caused by a foreign entity. The language appeared to be of Asian origin.

The issue, detected on September 3rd, was promptly addressed by the corporation, and normal service has since resumed.

The incident involved unauthorised content on the homepage, potentially indicating a website hack or security breach.

Such incidents expose vulnerabilities that could put sensitive information at risk. However, there is no evidence at this time to suggest any data was compromised.

Despite efforts to contact the DPC for comment on the nature of the breach and any potential data risks, the corporation has not yet released an official statement. However, the swift removal of the inappropriate content suggests that they acted quickly once the issue was identified.

While the issue has been resolved, this incident highlights the importance of robust cybersecurity measures, especially for organisations like the DPC that handle public trust and sensitive financial data.

Website breaches pose risks beyond inappropriate content; they can also lead to phishing attacks or unauthorised data access.

As cybersecurity threats become more sophisticated, it is vital for institutions to maintain transparency with the public when breaches occur. This helps protect users and restore confidence in their digital services.

Big deal or nothing burger?

I believe we, as Zimbabweans, have become so accustomed to seeing hacked websites that we no longer consider it a big deal. However, we need to understand that the DPC website hack should not be taken lightly.

At the start of this month, the DPC posted, “Happy New Month! September is here! Let’s embrace this new month with renewed hope, optimism, and financial security. Remember, your deposits are safe with us.”

That’s the critical point here—we’re talking about money. Our deposits should be safe with the DPC.

The DPC likely holds sensitive information about depositors and financial institutions, including:

  • Bank account details: Information on protected bank accounts from various financial institutions, including account numbers, balances, and transaction histories.
  • Personal information: Depositors’ personal details such as names, addresses, identification numbers, and contact information.
  • Bank records: Financial records from banks and institutions under the corporation’s protection, detailing their deposits and operations.

If this data is exposed, we could face identity theft, financial fraud, and corporate espionage. Worse yet, it could become a national security issue.

If foreign actors are involved, as may be the case here, the breach could be part of a broader strategy to disrupt the country’s financial infrastructure.

If hackers expose systemic weaknesses in the banking system, they could weaken public trust and compromise economic stability. This is something Zimbabwe cannot afford, especially given existing trust issues that stem not from systems but from the currency situation.

Not saying DPC exposed data

Let’s be absolutely clear—some might mischaracterise what we’re discussing. We are not saying the sensitive information held by the DPC was exposed. We are not suggesting anything beyond the website hack. There is no evidence to support that claim.

What we are saying is that the DPC should be transparent and inform the nation about the extent of the compromise. We know the website was compromised, but we don’t know if anything else was affected.

The DPC holds sensitive information and plays a critical role in the economy. They should reassure the public that the hack was not more severe than it appeared. If the hack was severe, they should still advise the public.

It’s important to determine whether there were any broader security risks to the public.

Transparency in such cases often helps rebuild confidence, and any further information the DPC can share would be valuable.


6 comments

  1. Disclose Hacks

    Zim companies, especially banks, must by law be forced to inform their clients when they have been hacked. Banks have a tendency to lie about upgrading their system when in actual fact they are trying to mitigate the effects of a hack. Shortly after, they will force you to get a new bank card or switch accounts etc. out of the blue. I still have such unexplained incidents with BancAbc & NMB Bank.

  2. Felex

    Not related, but can you help? How can I watch ZBC online? It seems the ZBC app is not working.

    1. Com

      It doesn’t belong online, it needs an aerial.

    2. Indomitable Lion

      YouTube and Facebook

  3. Finch

    this statement “Zimbabwe being the third most cyber-attacked country in the world” is just not true

  4. Finch

    this statement “Zimbabwe being the third most cyber-attacked country in the world” is just not true at all
