Cosmos Bank’s server hacked; Rs 94 cr siphoned off in 2 days

Pune-based Cosmos Co-operative Bank has reported fraudulent withdrawals amounting to Rs 94 crore due to cyber attacks, including malware attack, on its debit card payment system and SWIFT transaction. 

The 112-year-old bank said about Rs 78 crore was withdrawn through various ATMs located across 28 countries. In a statement, the bank said this includes 12,000 VISA card transactions.

In the same way, the bank said about Rs 2.50 crore was withdrawn through 2,800 debit card transactions in India at various locations.

According to reports, Rs 13.9 crore was transferred through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transaction.

The bank came to know about the malware attack on its debit card payment system on August 11. It observed that unusual repeated transactions were taking place through ATM VISA and RuPay card for nearly two hours.

"...As soon as the suspicious transactions were reported, the bank immediately shut down its VISA and RuPay debit card payment system.

"The core banking system (CBS) of the bank receives debit card payment requests via 'switching system'. During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system," said the statement.

Cosmos Bank said none of the fraudulent transactions have been debited to any of the customer's account and will not be debited in future too. It added that the savings, term deposits and recurring accounts of the depositors are totally safe.

The statement underscored: "As it is a malware attack on the Switch which is operative for the payment gateway of VISA/RuPay debit cards and not on the CBS of the bank, the customers' accounts and its balances are not at all affected."

The bank has appointed a professional forensic agency to investigate the malware attack. The agency will submit its report in the next few days regarding the modus operandi of the attack and the exact amount involved therein.