On 3 October, SBM Group, the parent company of the State Bank of Mauritius, announced that its Indian operations had suffered a cyber-attack the day before, and that as much as $14 million could have been siphoned off a result. The attack was coordinated via a breach of the bank’s SWIFT money transfer systems.
SBM, which functions in India through a wholly-owned subsidiary, said that the holdings of its customers were unaffected. In addition to reporting the matter to Indian authorities, the bank is in the midst of conducting a full-scale review of its cyber-security protocols and attempting to recover a portion of the stolen funds. The recovery efforts seem to have paid off. This morning, SBM reported that the loss from the cyber-attack had been reduced to $4 million.
Despite the success of the recovery efforts, the breach is still a cause for concern. It is the third such cyber-attack to take place this year.
In August, Pune-based Cosmos Bank lost around $13.5 million as a result of a malware attack by Canadian hackers which led to the cloning of thousands of the company’s debit cards and ATM withdrawals in several countries. In February, Chennai-based City Union Bank, lost around $6 million as three fraudulent SWIFT transfers were made to banks in China, UAE and Turkey.
All the aforementioned banks are small in size, which actually makes them more vulnerable to cyber-fraud as their larger counterparts have the budgetary means and the scale to implement a streamlined set of cyber-security protocol and hire chief information security officers.
As banks increasingly go digital, the Reserve Bank of India has issued a warning on the breach of payment networks and transfer systems. In its annual report, the central bank said that it was working to improve its security systems and that it would also undertake a series of cyber-security assessments at Indian lenders in the current fiscal year.