14 Aug 2018
Pune: Cosmos Bank's server hacked; over Rs. 94cr siphoned off
Hackers managed to transfer over Rs. 94 crore by attacking the server of Pune-based Cosmos Bank with malware and cloning thousands of the bank's debit cards.
The fraudulent transactions were carried out on August 11 and August 13 through 25 ATMs located in Canada, Hong Kong, and a few in India.
The cloned cards were Visa and RuPay debit cards.
Nothing taken from customers' accounts, bank incurred the loss: Official
Pune-based Cosmos Bank maintained that its core banking system (CBS) was not attacked and that the malware attack was on the switch that operates the payment gateways for Visa and RuPay debit cards.
"None of the customers' accounts were touched and it is the bank which has incurred the loss of this money," a senior bank official said.
Hackers withdrew over Rs. 94 crore on two-three occasions
By cloning the Visa and RuPay debit cards of bank account holders and using a system running parallel to that of the National Payments Corporation of India (NPCI), the hackers self-approved the transactions and withdrew over Rs. 94 crore on two to three occasions, the bank official added.
"It was Visa and RuPay who apprised the Reserve Bank of these fraudulent transactions," said the official.
Details of when and how the hackers transferred Rs. 94cr
"On August 11, the hackers cloned the card details and did over 12,000 transactions and transferred Rs. 78cr out of India. On the second instance, a total of 2,849 transactions were done in which Rs. 2.5cr was transferred within India," the FIR said.
It also said that on August 13, the hackers again transferred Rs. 13.92cr to a Hong Kong-based bank using fraudulent SWIFT transactions.
Bank has shut down all servers and net banking facilities
On realizing that it had suffered a cyber-attack, the cooperative bank registered an FIR with the Chatushringi police station. As a precautionary measure, the bank has shut down all its servers and net banking facilities, according to the official.
Case registered under relevant sections of IPC and IT Act
A case has been registered under Sections 43, 65, 66(C), and 66(D) of the Information Technology Act and relevant sections of the Indian Penal Code.