Data Breach Notification

Dear Valued Customer/Shareholder,
​
We regret to inform you about a recent cybersecurity incident that resulted in unauthorized access to sensitive areas of our network, leading to a confirmed data breach. On Thursday, February 27, 2025, our internal monitoring systems detected suspicious activity, which was identified as a ransomware attack. At that time, we did not observe any loss of any personal data of our customers or shareholders.
​
After an in-depth investigation by international cybersecurity experts, we confirmed on Friday, March 21, 2025, that certain personal data was accessed and stolen by unauthorized parties.
​
Our cybersecurity experts have determined that personal data, including names, Taxpayer Registration Numbers (TRN), employee numbers, and employer details, were accessed and stolen by unauthorized individuals. Unfortunately, this information has been made available online We are actively assessing the full extent of the breach and will provide further updates as necessary.
​
Due to the type of data involved, there is a chance that your personal information could be used without authorization, fraudulently, or through identity theft. We urge you to stay alert, check your personal accounts and financial statements for any odd activity, and take the necessary security measures to protect your data.
​
In response to this incident, we immediately reached out to our international cybersecurity consultant and restricted access to the affected systems. Prior to the breach, we had implemented the following security measures:
​
-
Network monitors
-
Firewalls
-
Endpoint detection and response
-
Patch management systems
-
Vulnerability detection
We have reinforced our existing security protocols to prevent further unauthorized access. We are continuing to work with cybersecurity experts to identify and address any vulnerabilities, and we have implemented additional monitoring measures to detect any future threats.
​
We immediately reported this matter to the police, the Office of the Information Commissioner, the Jamaica Stock Exchange and other regulatory bodies.
​
We will continue to provide updates as more information becomes available. We sincerely regret any inconvenience this incident may have caused and we assure you that we are working diligently to contain this incident and minimize any impact to your personal information.
​
For further inquiries or concerns, please contact our Data Protection Officer, Mrs. Karen Cobourne, at dpo@accessfinanceonline.com.
​
Thank you for your understanding and cooperation.
Frequently Asked Questions
1. Did Access send out a text notification?
o Yes. On March 25, 2025, Access Financial Services Ltd sent a text message from “ACCESS FIN”.
​
2. Was my information leaked?
o We are currently unable to confirm the exact nature of all the data that may have been impacted.
​
3. Did Access fix the problem/leak?
o We have strengthened our security protocols to prevent further unauthorized access. We are also working with cybersecurity experts to address vulnerabilities and have implemented additional monitoring measures to detect potential threats.
​
4. Why is a Bailiff from Access calling me about owing money?
o If you are receiving calls about owing money and want to verify their authenticity, please contact us directly at 876-929-9253 or customerservice@accessfinanceonline.com
​
5. What should I do if I notice anything suspicious on my accounts?
o We strongly advise you to stay vigilant, regularly review your personal accounts for any unusual activity, and take the necessary steps to protect your data.
​
6. Was I one of the people whose information was stolen?
o We are unable to confirm the nature of all the data that has been impacted at this time.
​
7. How can I know if I was affected?
o If we are able to confirm that your information was impacted, we will notify you directly. We are still assessing the full scope of the situation. Please monitor your accounts closely for any unusual activity.
​
8. If I see any fraudulent activities on my account, should I contact you?
o If you notice any fraudulent activities, please contact the relevant authorities immediately.
​
9. Will I be informed if my information was stolen?
o If we are able to confirm that your information was impacted, we will notify you directly.
​
10. What are we doing to recover my information?
o We are working diligently to contain this incident and minimize any impact to your personal information.
​
11. Was my banking information stolen as well?
o We are unable to confirm the nature of all the data that has been impacted at this time.
​
12. Was my picture taken?
o We are unable to confirm the nature of all the data that has been impacted at this time.
​
13. Has the incident been reported to law enforcement authorities?
o We have reported the matter to the police, all relevant regulatory bodies.
​​
14. I gather that the breach occurred from late February; why are customers being advised so late?
o On Thursday, February 27, 2025, our internal monitoring systems detected suspicious activity, which was identified as a ransomware attack. At that time, we did not observe any loss of any personal data of our customers or shareholders.
​
After an in-depth investigation by international cybersecurity experts, we confirmed on Friday, March 21, 2025, that certain personal data was accessed and stolen by unauthorized parties.