Libya has launched a broad investigation into a cybersecurity incident after the Central Bank of Libya confirmed that a sample of sensitive internal data had been leaked on the dark web following a cyberattack that targeted its systems several weeks ago.
The Central Bank acknowledged that part of its internal data had been exposed. Still, it stressed that the incident is being handled with the utmost professionalism, transparency, and technical expertise. It said specialized teams, working alongside international cybersecurity experts, are conducting detailed forensic analyses to determine the scope of the breach, identify the nature of the leaked information, assess its potential impact, and strengthen the bank’s digital defenses.
Earlier this month, the Central Bank announced that it had detected what it described as a serious cyberattack affecting parts of its information technology infrastructure. The institution immediately isolated the affected systems to contain the incident and minimize any disruption while launching a comprehensive investigation.
The leaked material, which surfaced on the dark web, reportedly includes administrative correspondence, procurement records, minutes of meetings, regulatory documents, and files related to several Libyan commercial banks dating back to 2020 and 2021. Cybersecurity analysts cited by local media estimated the volume of leaked data at approximately 20.7 gigabytes and suggested the publication could be part of an attempted cyber extortion campaign.
Libya’s Internal Security Agency confirmed it is investigating the incident and warned that some of the leaked files contain malicious software capable of compromising computers and granting unauthorized access to government and private networks. The agency urged all government institutions, banks, companies, and individuals to avoid downloading, opening, copying, or distributing any files obtained through the dark web or other unverified sources.
Authorities also instructed public employees who may have accessed the leaked material to immediately report the matter to their information technology departments or cybersecurity teams rather than attempting to inspect or delete the files themselves.
Despite the breach, the Central Bank emphasized that customer accounts, payment systems, and core banking services remain fully operational and have not been affected. It also reiterated that it will not negotiate with or respond to any extortion attempts, affirming that the investigation is being conducted in cooperation with Libyan security agencies and international cybersecurity specialists
