I wrote recently about the Panama Papers, probably the largest and most significant data breach of our times.
While the dust has settled for now, the breach cost the Icelandic Prime Minister his job and caused severe embarrassment to the British Prime Minister.
Well, how about following that with the sobering tale of the world’s largest cyber heist to date?
News is only now coming to light about the heist, which took place in February.
Nearly $81 million was illegally transferred using the SWIFT interbank network from the Bangladesh Central Bank’s account with the Federal Reserve Bank of New York.
The funds were transferred from New York to a Chinese businessman’s account in the Philippines.
They were then transferred to local Filipino casinos for laundering, and the businessman in question – whose accounts have now been frozen – claims that his signatures on the fraudulent transactions had been forged.
The fraudulent transfers took place on Friday February 5th, a day when the Bangladesh bank was closed, but the fraudulent transactions were not identified until the next day due to a ‘printer problem’. The Federal Reserve Bank was then closed over the weekend, meaning that a full response was not possible until the following Monday – which was, in turn, a public holiday in the Philippines.
Details of the hack were kept from the Bangladesh government for ‘several weeks’.
While the governor and two deputy governors of the Bangladesh Central Bank have been replaced following the breach and the Bangladesh banking system branded ‘incompetent’, it could have been much, much worse.
The criminals requested a total of 35 transfers from the New York Bank, but internal security checks and typing errors – they mis-spelled the names of some depositors – prevented a much larger fraud.
Had the hackers achieved their goals they would have netted an eye watering $951 million.
The moral of this salutary tale?
Well the while we’re not aware that personal data was compromised in the breach it’s clear that there was some complacency in the bank – the bank’s joint director Zubair bin Huda said “Since such glitches happened before, we thought it was a common problem just like any other day.”
I would suggest that Bangladesh Central Bank’s Incident Response procedures were lacking, and the fact that bank employees delayed informing their supervisors further compromised the Banks capacity to respond.
We can help companies to develop effective breach and incident response procedures, get in touch and see how Compliance3 can help your company.