Cyberattack Targets Supplier to Ukraine's National Bank
A cyberattack on a contractor for Ukraine's National Bank (NBU) forced the temporary shutdown of an online store selling commemorative coins. The breach potentially exposed users' personal information, including:
- First name
- Last name
- Phone number
- Email address
- Delivery address
However, customers' financial data remains secure, as payment card details and other banking information were not compromised in the incident.
National Bank Systems Remain Secure
The attack was executed using a supply chain method, targeting the bank's vendor. Despite this, the National Bank's own core systems and data protection infrastructure continue to operate normally. The NBU's architecture isolates contractors from its critical infrastructure, providing an additional layer of security. Necessary steps are currently being taken to investigate the incident and assess its potential impact. The National Bank of Ukraine is working with the service provider to mitigate the consequences of the cyberattack.
This incident highlights the persistent cybersecurity threats facing the financial sector, where attackers constantly develop new methods to access sensitive data. As Ukraine's central financial institution, the NBU is taking measures to protect client data and ensure the stability of the financial system. The bank's response to this situation could set an important precedent for future cybersecurity steps in Ukraine. It is worth noting that the NBU recently issued a new commemorative coin dedicated to the Archangel Michael. The coin has a face value of 20 UAH and is made of 900-carat gold. A contract for an automated system to destroy coins was signed on December 30, 2025, with the Slovak company Monea Coin Technology s.r.o., with a procurement value of 252,300 euros.