By 
Access Bank has denied any data breach of its server and asked the public to discountenance a purported data leak that has exposed customers information including their Bank Verification Numbers (BVNs).
News of a Nigerian hacker, Ihebuzo Chris, who claimed to have hacked the security systems of Access Bank network to prove the bank’s vulnerability, has been making rounds in social media.
The hacker, with the sobriquet Python on Twitter, claimed he gained access and extracted the data of over 2,000 customers.
Python claimed he could have debited customers’ accounts without their consent having been able to access their confidential details within the bank’s vault.
Access Bank has said no such thing happened.
Nigeria’s principal legislation for data protection is the Nigeria Data Protection Regulation (NDPR) 2019. Banks are under obligation to protect customers information under the NDPR.
Concerns over e-security of banks
A viral video posted by the hacker purportedly showing customers’ accounts numbers, their BVN and other details is raising concerns about the e-security levels of banks in Nigeria.
But Access Bank in its reaction has denied the intrusion even as it assured customers of the safety of their personal information.
“A video of an individual claiming to be in possession of our customers’ banking details such as BVN and Account Number, has been brought to our notice,” the bank expressed in statement.
Adding: “We urge all customers to remain calm as there is no security breach. We are working with the appropriate authority to bring the perpetrator to book.
“Kindly note that our customers’ financial security is a top priority and we will never disclose any information that will jeopardize your safety.”
Phony hacker
Some observers have dismissed the hacker’s claim as fake. In making his post, Ihebuzo Chris inadvertently exposed himself. His name appeared on his computer screen, making him easily identifiable by those whose system he claimed to have hacked into and traceable subject by security agents.
“No hacker will do that. Not even an amateur,” said one commentator.
Edward .E. Onoriode who goes by the Twitter, @Edward_Onoriode, handle also posted: “Ihebuzo Chris claimed he hacked into Access bank server and got details of customers information. Fact is, the guy is a lousy idiot. Hackers doesn’t reveal their details the way he did. His name is boldly written on his system, his voice is clear and his email is visible.”
Some other experts have also assured bank customers that unauthorized access to BVN does not automatically allows transactions on any account.
“There are other steps required to mitigate such unwarranted intrusions, if at all there was any,” said one expert in Lagos.
“BVN does not authorize transaction. It is your unique identifier. It’s just like saying because I know your account number and name, I can transfer money out your account, which isn’t possible,” added another commentator on Twitter.
