HYDERABAD: The RBI levied a penalty of Rs 65 lakh on AP Mahesh Cooperative Urban Bank Ltd for blatant non-compliance with cybersecurity framework provisions, due to which hackers siphoned off Rs 12.48 crore from the bank in January.
The action follows the Hyderabad city police’s probe, which led to a countrywide search in which multiple police teams arrested perpetrators, including Nigerian nationals.
The cybercrime took place on January 24, when hackers breached the bank’s system and stole the money from customers’ accounts using advanced technology, as the bank did not have adequate software protection, the police said.
According to the police account, the criminal act was carried out through a series of phishing emails that were disguised and sent to bank employees. Upon opening these malicious emails, the employees’ systems were compromised, providing the fraudsters full access to the bank network.
A case under sections 66 and 43, 66(C) and 66(D) of the IT Act and sections 419 and 420 of the IPC was registered.
During the probe, the police found negligence on the bank’s part, as it had failed to implement cybersecurity measures mandated by the RBI, such as anti-phishing applications, an intrusion prevention and detection system, and a real-time threat defence and management system.
C.V. Anand, the city police commissioner, also corresponded with the RBI Governor, highlighting the critical lapses and requesting the suspension of the bank’s operational licence.
Although the current legal framework did not allow for criminal negligence charges against the bank management, the city police have been pursuing the matter, which resulted in the RBI action.
"The RBI’s thorough cyber audit and the police investigation revealed the bank's significant lapses which led to the breach. This is the first time ever that such an action has been taken against any bank. All banks should adhere to cyber security practices to avoid such loss of public money and crucial data," C.V. Anand was quoted as saying in a press release on Saturday.