Union Bank's July 2016 crisis - $171mn hacked

"It was around 10:30am" on July 21, says MD Arun Tiwari. "The thing uppermost in my mind was I had to quickly get onto the money trail."

By then, $171mn had already been debited to banks in Cambodia, Thailand, Taiwan and Australia.

Tiwari informed RBI, the foreign ministry and the Indian Computer Emergency Response Team; he also roped in consultancy-firm EY the same day.

The breach, it was discovered, was caused by a spam email fraudulently marked from 'RBI', which had a malware attached. The mail was sent to 15 email IDs.

Some of the mails were flagged by IT security, while a few employees realized it's a phishing attempt. But someone clicked on the link and the malware was released into the bank's servers.

Officials began with network forensics; one of the first steps was to delink its "380-odd SWIFT pan-India connections", and centralize operations.

However, it had to work with "limited resources".

A floor was cordoned off at Mumbai's Union Bank Bhawan and employees involved asked not to leave till operations ended.

On July 22, Union informed the trail had been traced and movement of funds suspended.

Kiran Shetty, SWIFT India CEO, insists their system had "never been compromised"; he said they haven't received "full details" from Union either.

Meanwhile, Tiwari maintained he cannot share details because he didn't have a copy. However, he says the measures undertaken subsequently included "the most stringent filtering".

However, despite the best security measures in place, Tiwari said he wouldn't rule out future cyber attacks.

Shetty of Swift announced roadshows in five cities on awareness about cyber security. A customer security programme mandates 16 controls and advises another 11.

He also said a fast rate of digitization necessitated increased investments on the cyber side too.

The RBI has, meanwhile, recommended a chief information and security officer who reports directly to the board.