BankIslami lost $6m within 23 minutes in cyber attack

Finance Minister Asad Umar says according to SBP, no other bank had reported hacking of customers' data

0
1973

ISLAMABAD: Minister of State for Revenue Hammad Azhar on Friday told the Senate that hackers had stolen $6 million from the accounts of 6,000 BankIslami customers within 23 minutes last month.

“The stolen amount was not withdrawn from anyone’s bank account. Rather the issue is between the commercial bank and an insurance company,” he said. Azhar further added that “the top bank has further tightened the procedure of cross-border money transactions”.

Meanwhile, in a written response to a question by Senator Mushtaq Ahmed, Finance Minister Asad Umar stated that on Nov 6, the State Bank of Pakistan (SBP) had “categorically rubbished reports of data hack”.

“The SBP asserts that except for BankIslami, it didn’t receive any complaint of data hacking from any bank, or law enforcement agencies,” the finance minister wrote in his response. “However, on Oct 27, certain cash amount was hacked through international ATMs,” the minister further said.

The finance minister also submitted a press release by the top bank in the Upper House. Issued on Nov 6, the statement rejected the allegations of wide breach of data security.

Reports about a possible breach of classified credit and debit card data were doing rounds on the media in the first week of November. Thereupon, around 10 banks started investigations and blocked all international transactions on their cards.

Later, the Federal Investigation Agency (FIA) cybercrime wing head claimed that data from “almost all” the Pakistani banks were stolen. “Reportedly, data from almost all Pakistani banks have been hacked in the security breach,” Director FIA Cybercrimes wing retd. Capt Mohammad Shoaib told a local media house.

He further added that information from “most of the (domestic) banks” is at stake. Speaking to the reporters, Shoaib said that foreign-based hackers had breached the security systems of several domestic banks and added that “large sums of money have been taken out from bank accounts”.

He also said that more than FIA were investigating more than 100 cases in connection with the security breach.

“An element of banking fraud which is a cause of concern is that banks hide the theft [that involves them]… and the clients report [the theft] to the banks and not to us, resulting in a loss of people’s money,” Shoaib told.

‘DATA OF OVER 8,000 ACCOUNTS SOLD’

The SBP had been reportedly told by several commercial banks that they have suspended their international operations as a precautionary measure until further investigations.

According to a digital security website, data of more than 8000 accounts of 10 banks were available for sale in dark web – an illegal market of hackers.

The first incident was reported by Bank Islami on October 27 which claimed more than 2.8 million in international payments. Following the incident, the bank stopped international transactions allowing only “biometrically verified domestic payments on ATM cards”.

The top bank, however, had dismissed security breach reports. “SBP categorically rejects such reports,” it said.