PUNE — The banking sector was rattled once again after hackers siphoned off a whopping Rs. 94.42 crore from the Cosmos Cooperative Bank Ltd – the second oldest and second biggest cooperative bank in India – to foreign and domestic bank accounts, officials said Aug. 14.
Shockingly, the Cosmos Bank admitted that it was "cyber-attacked twice, first on Saturday and again on Monday," with ATM withdrawals taking place in at least 28 countries, according to a First Information Report lodged by a senior official with Chaturshringi Police Station.
The police complaint said the first attack took place Aug. 11 between 3:00 p.m. and 10:00 p.m. and the second on Aug. 13 around 11:30 a.m., affecting the bank’s headquarters on Ganeshkhind Road.
"We have appointed a professional forensic agency to investigate this malware attack. It will submit its report in the next few days regarding the modus operandi of this and the exact amounts involved," Chairman Milind A. Kale told the media.
He said that normally the core banking system receives debit card payment requests via its 'switching system.' But during the malware attack, a proxy switch was created and the fraudulent payment approvals were passed through this proxy switching system.
On Aug. 11, around Rs. 78 crore was withdrawn from ATMs located in 28 countries through 12,000 Visa card transactions, Kale added. The funds were transferred out of the country, including to bank accounts in Hong Kong.
Another Rs. 2.50 crore from 2,849 transactions was transferred within India, details of which were being investigated by the police.
The cyber-attack came to light Aug. 11 when the bank noticed "unusual repeated transactions taking place through its Visa and Rupay Debit Card Payment System," Kale said.
As soon as these suspicious transactions were reported, the bank shutdown its Visa and Rupay debit card payment systems, pending investigation.
A police officer said that during those hours, unknown persons hacked into the ATM switch (servers) at the bank's headquarters and acquired sensitive data of its Visa and RuPay debit card customers.
However, in a fresh attack Aug. 13, the hackers initiated Society for Worldwide Interbank Financial Telecommunication transactions and transferred Rs. 13.92 crore to the accounts of a company, ALM Trading Ltd, with Hang Seng Bank, Hong Kong. The amounts were soon withdrawn from that bank.
Kale pointed out that since the malware attack was on the switch system, which is operative for the payment gateway for Visa and Rupay debit cards, and not on the Cosmos Bank's Core Banking System, "the customers' accounts and their balances are not at all affected."
"None of the fraudulent transactions is debited to any customer accounts and will not be debited in future too. The savings, term deposits and recurring accounts of the depositors are totally safe," Kale said, urging customers not to panic.
He said the bank's servers and other systems are inspected annually by the Reserve Bank of India Audit and System Audit. The Cosmos Bank was ensuring all the measures for data security and this security system was fully operational.
Established in 1906, the Pune-headquartered Cosmos Bank is the second oldest and second biggest cooperative bank in the India, and enjoys the status of a multi-state scheduled bank.
