Advertisment

Cyber-breach: Duties stripped from WB CIO

author-image
CIOL Bureau
Updated On
New Update

WASHINGTON, DC, USA: In the wake of recent news reports showing serious breaches of the World Bank's information security system, the Government Accountability Project (GAP), learned from sources inside the bank as well as from an internal bank announcement, that duties have been stripped from the institution's chief information officer.

Advertisment

According to previous media reports and internal sources, the bank's records, which contain sensitive financial information from borrowing and donor countries, were repeatedly and illicitly accessed over the last year.

At the same time, the bank is trying to downplay the attacks, as it positions itself to assume a prominent role in addressing the global financial crisis. This cyber-breach situation raises troubling questions about its future effectiveness in dealing with the crisis.

GAP International Program Director Bea Edwards, said: "Our sources inside the bank have said that management has been looking for someone to take the fall for these breaches. The World Bank must ensure that its member countries' financial records are secure. If the Bank can't safeguard sensitive information, it can't be trusted to help with the global financial crisis."

Advertisment

Last night, bank manager, Juan Jose Daboub sent out an announcement to bank staff members regarding new personnel addressing the security issues. Part of the message was:

At the request of president Zoellick, Van Pulley will take over responsibility for WBG information security effective immediately and until more permanent arrangements are in place."

It is unknown at this time whether current bank information officer Guy de Poerck has been simply stripped of his security responsibilities, shifted to another position, or fired outright.

Advertisment

"This is like locking the barn door after the horse - and the key - have been stolen. It's is a cosmetic fix. The bank's information system has been breached repeatedly for months, and may need a massive overhaul," Edwards said.

World Bank spokespeople have been denying for months the seriousness of the cyber-incursions. Apparently, sanctions regarding security issues were only applied belatedly to an India-based company stemming from incidents that occurred as long ago as April. At the same time, the bank has delayed sanctioning five state-owned Chinese companies implicated in wrong doing.

In that case, the World Bank reportedly offered a deal to a reporter if he would delay publication of his story about the sanctions until after the G-20 Summit in Washington two weekends ago.

Daboub, who notified bank staff members last night about the immediate steps to re-secure the bank's information systems, is no stranger to controversy. Last year, during the Paul Wolfowitz scandal, GAP released information showing that Daboub instructed a team of bank specialists to delete all references to family planning services from a proposed assistance strategy for Madagascar, and later from the bank's overall Health and Nutrition Strategy.