On the night of February 16, the bank experienced a large-scale cyberattack with unauthorized write-offs of funds, and today the National Bank reported a cyberattack on a contractor, which temporarily caused the online store of numismatic products to be out of service and may have leaked some of the personal data of customers.
On the night of February 16, the bank experienced a large-scale cyberattack with unauthorized write-offs of funds, and today the National Bank reported a cyberattack on a contractor, which temporarily caused the online store of numismatic products to be out of service and may have leaked some of the personal data of customers.
According to the bank, the attack occurred on the night of February 15-16, and some customers experienced unauthorized withdrawals. The bank claims that this was a new type of attack for the banking system, it was stopped, and all the withdrawn money was returned to the victims, so customers allegedly did not suffer financial losses. The bank published a statement on February 18, explaining the pause by the fact that it initially focused on recovery and assistance, and is now trying to identify the attackers in parallel.
Separately today, the National Bank of Ukraine warned that its online store of numismatic products is temporarily unavailable due to a cyberattack on a contractor company. The regulator noted that personal data that users provided during registration and delivery (name, phone, e-mail, address) could potentially have been obtained. At the same time, payment card details and other banking data related to transactions, according to the NBU, were not compromised.
In its explanation, the NBU separately emphasized the risk of phishing after the incident: attackers can use contact details for «calls on behalf of the bank» or letters asking to «urgently confirm data.» The regulator emphasized that NBU employees do not specify card details, do not ask for alternative payment for the order, and do not send links for «verification,» and called the case itself an example of a supply chain attack, when they hit the weakest link in the chain of contractors.
Previously, dev.ua wrote about how, according to Microsoft, Ukraine became one of the countries whose organizations and users suffered the most cyberattacks in the first half of 2025.
