Senegal Treasury: Incident in the State’s Financial Infrastructure

In Senegal, a serious IT incident affected the Directorate General of Public Accounting and the Treasury (DGCPT). The agency confirmed on May 11, 2026, that a significant part of its information systems had been disrupted by a cyber incident that began the previous day.

Director General Amadou Tidiane Gaye stated that the institution had activated its business continuity plan and implemented immediate protective measures to mitigate the impact. However, at the time of publication, the details of the incident and the specific nature of the disruption had not been disclosed.

The case is especially notable against the backdrop of previous cyberattacks targeting Senegalese government entities. In October 2025, another high-profile incident affected the General Directorate of Taxes and Domains (DGID). The breach was attributed to Black Shrantac, a cyber-extortion network that claimed to have stolen one terabyte of confidential administrative and personal data. Later dark web investigations raised questions about the real scale of the data theft, but the incident still became a warning sign for Senegal’s national digital security.

Repeated disruptions and cyber incidents in Senegal’s financial infrastructure show that protecting digital data assets is a critical task for government organizations in the country. Stronger access control, cyber resilience, user activity monitoring, and centralized incident response are becoming essential for public-sector cybersecurity.

Best Western: Social Engineering and Guest Data Breach

The second incident involves the international hotel chain Best Western International. According to an official data breach notification published by Turkey’s Personal Data Protection Authority (KVKK) an external attack using social engineering methods led to the compromise of data belonging to 10,785 people in Turkey.

The attack exploited the human factor, which remains one of the weakest links even in large international companies. Unauthorized person or persons gained access to an online application used by the data controller through a compromised employee account.

According to KVKK, the breach took place between October 14, 2025, and April 23, 2026, and was detected on April 23, 2026.

As a result of the incident, attackers were able to access confidential guest information requested during the booking process. The compromised data included:

• Name
• Email address
• Phone number
• Address data
• Additional reservation information (accommodation location, booking dates, special requests, etc.)

After the incident was discovered, the application was taken offline and unauthorized access was revoked. Best Western also engaged external security experts to investigate the breach and strengthen existing security measures.

UAE Cyberattacks Surge: Rising Threats and the New Role of AI

The third important signal comes from the United Arab Emirates. According to Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, the country has been recording around 530,000 cyber incidents per day. Before the latest escalation in March, that figure stood at around 200,000 daily incidents.

This sharp negative trend is driven by the spread of AI-powered threats. Government services, the financial sector, energy, transport, water infrastructure, and other elements of critical infrastructure are under particular pressure. In these sectors, a cyber incident can lead not only to data leakage, but also to disruption of vital systems. Dr. Al Kuwaiti emphasizes that the traditional prevention‑only model is no longer sufficient. Organizations need to adopt the assume breach principle: assume that a compromise may occur and design systems in advance to minimize potential damage.

This is especially important as AI becomes part of both the offensive and corporate environments. Today, artificial intelligence is used everywhere. Attackers use it to automate attacks, bypass security systems, and generate phishing emails. At the same time, employees increasingly upload confidential data to public AI models without fully understanding the risks. Every such interaction turns an AI service into an uncontrolled third-party participant in business processes.

The only way to protect the perimeter in this new environment is to implement modern solutions designed with the dynamic development of technologies such as AI in mind. Traditional DLP systems that monitor only a limited number of channels are not able to control the context of communication between a person and a neural network.

SearchInform Next-Gen DLP provides comprehensive data protection for corporate data, including monitoring and prevention of leaks through a fast-growing channel: communication with artificial intelligence.

Learn more about how AI is becoming a new data leakage channel – and how to control this risk – in our analytical report: Request it