Cosmos Bank’s server hacked, ₹ 94 crore siphoned off in 2 days
Hackers cloned Cosmos Bank debit cards, those of Visa and Rupay over a period of two days and used them to siphon cash on 11 and 13 August
Pune: Hackers managed to transfer over ₹ 94 crore through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days, a senior bank official said. The fraudulent transactions were carried out on 11 August and 13 August through 25 ATMs located in Canada, Hong Kong and a few in India. The Cosmos bank debit cards that were cloned were of Visa and Rupay.
“A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said. The bank maintained that the core banking system (CBS) was not attacked and the malware attack was on the switch, which is operative for payment gateways of Visa and Rupay debit cards. “None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official said.
While cloning the Visa and Rupay debit cards of bank account holders and using a “parallel” system to the National Payment Corporation of India (NPCI), the hackers self-approved the transactions and withdrew over ₹ 94 crore on two to three occasions, the official added. “It was Visa and Rupay who appraised about these fraudulent transactions to Reserve Bank.”
Realising the cyber attack, the bank then registered an FIR with the Chatushringi police station.
As a precautionary measure, the bank has closed all its servers and net banking facilities, according to the official.
According to the FIR, the hackers used an unidentified malware to hack the system and clone card details of the bank customers.
“On August 11, the hackers cloned the card details and did over 12,000 transactions and transferred ₹ 78 crore out of India. On the second instance, total 2,849 transactions were done in which ₹ 2.5 crore was transferred within India,” the FIR said.
It also said that on 13 August, hackers again transferred ₹ 13.92 crore in a Hong Kong-based bank by using fraudulent swift transactions. A case has been registered under section 43, 65, 66(C) and 66 (D) of the Information Technology Act and relevant sections of Indian Penal Code.
- Government, telcos meet this month to find solution to call drops, poor quality of service
- ITC launches four variants of Sunfeast Yippee noodles
- Most PCA banks meet priority sector lending goals for MSMEs, shows analysis
- Govt wants RBI to set up committees to oversee different functions
- Banks paid premium of ₹119 per share for majority stake in CapitaWorld
Editor's Picks »
- Future Retail’s Q2 result shows improvement in same-store sales
- Private insurance firms grow at the expense of LIC stuck with a sick bank
- Page Industries’s lofty valuations get a reality check in Q2
- Q2 results: Grasim’s Vodafone Idea stake is proving costly
- How Vodafone Idea’s $3.5 bn fundraising will impact telecom in India