Log In

Reset Password

Bermuda IT systems still affected by hack ten weeks on

Government IT systems are still being affected by the massive September cyberattack, which was first reported ten weeks ago, while the exact nature of the hack and whether personal data was stolen remains a mystery.

“It would not be appropriate to disclose specific details about the extent or nature of the cyberattack,” a government statement on Monday said.

The remaining issues seem mainly related to e-mails, including some messages sent to public authorities going astray, based on anecdotal information shared with The Royal Gazette by people with gov.bm addresses.

“The majority of government systems are available but still have some minor issues that are being addressed by the IT teams,” the statement said.

“This is having some effect on service delivery.”

The statement did not give details but noted that though the e-mail system was “restored” after the September 20 hack, “certain issues persist, which our IT team is actively resolving”.

“Concurrently, we are in the midst of enhancing and migrating the e-mail system, a process that may result in minor service disruptions as we strive for improvements.

“Individual e-mail concerns are being handled on a case-by-case basis.”

No information has been given about how many e-mails had disappeared or whether a log was being kept of messages reported missing.

The Deputy Governor told the Gazette last month that an e-mail sent from the newspaper to his gov.bm address was never received.

“I’m afraid that e-mails received in the weeks after the cyberattack may have gone astray, as was the case for your October e-mail,” Tom Oppenheim said.

A civil servant told the Gazette that an e-mail sent by a reporter on November 9 never arrived.

External links to bermudalaws.bm, a site maintained by the Attorney-General’s Chambers, are not working but it is not known whether the issue is related to the cyberattack.

The Premier, David Burt, and his Cabinet colleagues have been tight-lipped on the nature of the cyberattack, including whether it involved ransomware and whether personal data was exfiltrated.

A police investigation continues, and a parliamentary committee will be tasked with looking into how it happened and the Government’s response.

“The Government will initiate a full inquiry into the matter, and the findings will be made public,” the statement said.

“We assure the public that every effort is being made to resolve any outstanding issues promptly.”

A comprehensive list of services that went down was requested but not made available by the Government. An online list is available, though it is not clear when it was last updated.

On Monday, the Government published a request for proposal on the government procurement website seeking cybersecurity firms to carry out “external penetration tests” on computer systems.

The request said the aim was to find a vendor to conduct “external penetration tests” on specific software systems, including the tax and web portals.

“The selected vendor will be responsible for performing in-depth assessments to identify and address potential vulnerabilities in these critical systems,” it said.

The deadline for submissions was listed as 5pm on December 15, with the agreement expected to be signed on January 3.

You must be Registered or to post comment or to vote.

Published December 06, 2023 at 7:54 am (Updated December 06, 2023 at 7:54 am)

Bermuda IT systems still affected by hack ten weeks on

What you
Need to
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon