The banking sector has always been a target of hackers worldwide. This time they have targeted Pakistan. The victim Bank Islami has confirmed in a statement that they suffered a hacking attack. What makes this incident distinct is that the Bank Islami cyber attack marks the nation’s biggest cyber attack in history.
Bank Islami Suffered A Major Cyber Attack Risking Millions
The cyber attack surfaced online on October 27, 2018, when bank customers received messages from the bank. The messages informed them of some unusual transactions from their cards in different countries.
As disclosed, the bank suffered a massive hacking attack. The attackers allegedly exploited the bank’s card system and transferred funds to accounts in other countries.
The initial reports indicated that the bank suffered a loss of approx. $6 million. However, the recently released official statement by the bank indicates a much lesser loss than expected. Officials state a mere loss of Rs. 2.6 million (roughly USD 19,500), which they have compensated to the victims. They stated:
“All funds withdrawn from the accounts (i.e. Rs. 2.6 Million) of our valued customers have been reversed.”
As explained, the bank has shut down its international payment scheme after it noticed unusual transactions. Hence, they do not acknowledge the initial speculations of the $6 million loss.
Subsequentially, after the Bank was cut off from the international payment scheme, the Bank was advised by international payment scheme that some transactions were made on international ATMs allegedly using Bank’s issued cards. However, no details have so far been shared with the Bank as to how such transactions were processed and validated when such transactions never landed on Bank’s system. These transactions, of approximately $6 million as claimed by international payment scheme, are not acknowledged by the Bank since the Bank was actually logged off from the international payment scheme at the time.
After the incident, the State Bank of Pakistan (SBP) has issued a security advisory for all banks to deal with such issues in the future.
Cyber Attack Marks It The Biggest In Pakistan’s History
While the bank statement did not reveal anything about how the breach happened
The transactions mainly originated from Brazil and the US, meanwhile, the bulk of the transactions can be traced back to Point of Sale (POS) at Target Stores. There is a clear breach of information at BankIslami’s part and it is being speculated that a digital copy of BankIslami customer’s credit card information was leaked to hackers.
Although the bank presents a much lower figure of loss, people do not really trust the claim made by the bank. while responding to the Bank Islami’s official HR tweet, one user claimed to have lost 3 million during the breach.
But a friend of mine lost around 3 Mn in online transfers, from your Islamabad Branch. How come you are denying it..!!!
— Xischaune (@XishanUlHaq) October 30, 2018
Besides, a statement in SBP security advisory also seconds the involvement of foreign POS and ATMs in the breach. This may also hint a massive loss (of $6 million probably) too.
As a result of security breach of payment cards of one of the banks in Pakistan yesterday and their unauthorized use on different delivery channels i.e. at ATMs and POS in different countries, the bank has temporarily restricted usage of its cards for overseas transactions.
If the count proves true, then the Bank Islami cyber attack would be the biggest in the nation’s history.
Bank Islami assures that routine operations remain unaffected. Moreover, they also confirm restoring the domestic ATM service on the same day. However, the international payment scheme will remain offline until the bank trusts correct mitigations of cybersecurity risks.