- News>
- India
Pune-based Cosmos bank duped of Rs 94 crore in 2 days in cyber attack
After the fraud was detected, the bank has shut down its servers, online, mobile and ATM transactions.
Pune-based Cosmos bank has been duped of Rs 94 crore through a malware attack on the server and by cloning thousands of the bank's debit cards in just two days. On 11 August, Rs 76 crore was fraudulently transferred from the bank while a day later on August 12, Rs 15 crore more were siphoned off. The money was allegedly transferred to bank accounts abroad.
After the fraud was detected, the bank has shut down its servers, online, mobile and ATM transactions.
The bank has claimed that the hackers created a parallel switch to carry out the transactions. When the security enabled by the bank asked for approval for transfers, the hackers used to give the go-ahead by the parallel switch. Visa and Rupay cards of the cooperative bank were cloned to carry out the transactions.
The bank maintained that the core banking system (CBS) was not attacked and the malware attack was only through the switch, which is operative for payment gateways of Visa and Rupay debit cards. "None of the customers' accounts were touched and it is the bank which has incurred the loss of this money," a bank official said.
On August 11, the transfers were made in two hours and thirteen minutes. Rs 13.5 crore were deposited in a Hong Kong-based bank from which withdrawals were made through 400-450 accounts using visa international cards.
"On August 11, the hackers cloned the card details and did over 12,000 transactions and transferred Rs 78 crore out of India. On the second instance, total 2,849 transactions were done in which Rs 2.5 crore was transferred within India," the FIR said. It also said that on August 13, hackers again transferred Rs 13.92 crore in a Hong Kong-based bank by using fraudulent swift transactions.
"It was Visa and Rupay who appraised about these fraudulent transactions to Reserve Bank," the official said.
An FIR has been filed at the Chatushringi police station in Pune about the malware attack. The bank is also doing internal audits to investigate the breach. A case has been registered under section 43, 65, 66(C) and 66 (D) of the Information Technology Act and relevant sections of Indian Penal Code.