Attorney General's Office on Hack of RGD database

The e-Service Business Registration Platform of the Registrar-General’s Office was launched by the Bahamas Government in 2016.

The data required by law to be maintained in the Companies registry is available to the public, upon the payment of a Search Fee.

Since 2000 as a part of our compliance regime it has been a legal requirement that a register of directors and officers be filed at the Companies registry. The Bahamas remains committed to the transparency of its corporate registry.

Having said this, we regret to confirm that sometime during the month of January 2020, criminal elements associated with a group called “Distributed Denial of Secrets” unlawfully hacked into the AS400 Server housing the Registrar-General’s filings information - which is thereafter transferred to the e-Services Business Registration system - and stole the information therein housed. The said information has recently been published and widely distributed. These acts are breaches of the Data Protection Act and the Penal Code.

It should be specifically noted that the data, illicitly acquired, is required by Law to be maintained in the Companies Registry and is readily available to the public, upon payment of a search fee.

This group was apparently formed in or about December 2019. Two persons have come forward and have been identified as principal “activists” in the group, namely Emma Best and Lorax Horne.

A thorough Police investigation is also currently underway, along with a review of all digital security systems.

Based on the findings, all necessary action will be taken to ensure that we maintain the requisite data protection, as we understand the importance of this to upholding Bahamian Law, to the business community and to the general public.

The Office of the Registrar-General, under the guidance of DTAD, was ALREADY in the midst of upgrading to a new Server, with improved security features. This process is now being accelerated.

It is important to note that the secured and separate database storing beneficial ownership data required to be electronically filed, under the Register of Beneficial Ownership Act, was not affected by the hacking exercise; nor was the same in any way compromised.