Task force formed to probe bank hacking
MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) has formed a task force to probe the spate of fraudulent online transactions that affected “close to 700” clients of BDO Unibank last weekend.
In a press briefing, BSP Governor Benjamin Diokno said he had instructed the task force to submit a report to him within 30 days as to the extent of the incident, recommendations to prevent a recurrence and remedial measures.
“We are forming a task force composed of cyber and antimoney laundering specialists and legal officers to determine the root causes and possible lapses in this incident,” the central bank chief said.
The task force will be composed of Deputy Governor Chuchi Fonacier who is in charge of financial supervision, Technology Risk and Innovation Supervision director Mel Plabasan, central bank’s legal officers and the Anti-Money Laundering Council.
“Guided by relevant laws and regulations, penalties or sanctions may be imposed depending on the results of the examination,” he added.
Article continues after this advertisementLast weekend, BDO reported that some clients were hit by a “sophisticated fraud technique” perpetrated through its online banking platform.
Article continues after this advertisement‘Cyber forensic investigation’
“BDO confirmed in their statement that the incident emanated from their 10-year-old web service that is due for phaseout early next year,” Diokno said. “We also know that some customers reported that they did not click on any links nor were they asked to supply sensitive information. So we are in close coordination with BDO and will update the public on this matter.”
The central bank chief said getting to the bottom of this incident would require “a complex cyber forensic investigation to determine the actual number of affected customers and how much they have lost.”
Diokno said he had received assurances from BDO that affected customers would be reimbursed for their losses. “And we will make sure that this will happen as soon as possible,” he said.
He added that the central bank will also investigate the incident to identify vulnerabilities and noncompliance with expectations in managing cyber and anti-money laundering risks.
As this developed, BDO Unibank said reimbursements were underway for its close to 700 clients affected by the recent “sophisticated” online fraud.
“We have requested our clients to go to their branch of account and submit documentation to get the refund. The bank will shoulder the losses perpetrated by this cybercrime incident,” BDO said in a statement on Tuesday.
For its part, Aboitiz-led Union Bank of the Philippines has frozen around P5 million from “mule accounts” used as vehicles by cybercriminals who stole money from the BDO accounts.
The unauthorized withdrawals from BDO were transferred to the scammers’ accounts at UnionBank.
BDO added that it had been working closely with the appropriate authorities and the BSP to prevent further occurrence.
Citing a report from the Bankers Association of the Philippines, UnionBank said the banking community had so far tracked about 200 syndicates behind hacking activities in the country this year.