Cosmos Bank’s server hacked, ₹ 94 crore siphoned off in 2 days
Hackers cloned Cosmos Bank debit cards, those of Visa and Rupay over a period of two days and used them to siphon cash on 11 and 13 August
Pune: Hackers managed to transfer over ₹ 94 crore through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days, a senior bank official said. The fraudulent transactions were carried out on 11 August and 13 August through 25 ATMs located in Canada, Hong Kong and a few in India. The Cosmos bank debit cards that were cloned were of Visa and Rupay.
“A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said. The bank maintained that the core banking system (CBS) was not attacked and the malware attack was on the switch, which is operative for payment gateways of Visa and Rupay debit cards. “None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official said.
While cloning the Visa and Rupay debit cards of bank account holders and using a “parallel” system to the National Payment Corporation of India (NPCI), the hackers self-approved the transactions and withdrew over ₹ 94 crore on two to three occasions, the official added. “It was Visa and Rupay who appraised about these fraudulent transactions to Reserve Bank.”
Realising the cyber attack, the bank then registered an FIR with the Chatushringi police station.
As a precautionary measure, the bank has closed all its servers and net banking facilities, according to the official.
According to the FIR, the hackers used an unidentified malware to hack the system and clone card details of the bank customers.
“On August 11, the hackers cloned the card details and did over 12,000 transactions and transferred ₹ 78 crore out of India. On the second instance, total 2,849 transactions were done in which ₹ 2.5 crore was transferred within India,” the FIR said.
It also said that on 13 August, hackers again transferred ₹ 13.92 crore in a Hong Kong-based bank by using fraudulent swift transactions. A case has been registered under section 43, 65, 66(C) and 66 (D) of the Information Technology Act and relevant sections of Indian Penal Code.
- No concern on liquidity of NBFCs: SBI chairman Rajnish Kumar
- Infosys, TCS, 3 other IT firms shortlisted to implement RBI’s CIMS
- Over 40% firms feel RBI may further hike rates: CII survey
- Taiwan takes India to WTO’s safeguard committee on solar duty
- ONGC Videsh slapped with ₹7,666 crore service tax demand
Editor's Picks »
- Ransomware, fileless attacks and cold boot give firms the shivers
- VMware: Taking the smart cloud to where data resides
- Internet of Things (IoT) startups that improve efficiency
- Regional languages give Indian startups a voice of their own
- DHFL, IL&FS aftermath: RBI and Sebi join hands to calm volatile markets
- India’s renewable energy sector hits a milestone but loses speed
- All eyes now on share swap ratio in this mega bank merger
- Jet Privilege can actually get higher valuation than Jet Airways
- Profitability of cement firms to take a hit due to weak prices, high costs
- Pidilite’s shares hold their ground despite weak rupee and rising crude