Artificial Intelligence: Rs 12.48 crore stolen by hackers: RBI fines bank for security lapse – Times of India
In a first of its kind penalty, the Reserve Bank of India (RBI) has imposed Rs 65 lakh fine on AP Mahesh Cooperative Urban Bank for non-compliance of the Cyber Security Framework for Primary (Urban) Cooperative Banks. The apex bank imposed the monetary penalty of Rs 65 lakh on AP Mahesh Co-operative Bank after the RBI‘s thorough cyber audit and the Hyderabad police investigation revealed the bank’s significant “lapses” which led to the hackers breach the bank’s systems and syphon off Rs 12.48 crore.
How the Rs 12.28 crore online robbery took place
The multi-crore online bank robbery took place on January 24, 2022. Mahesh AP Bank reported a cyber theft wherein a hacker broke into the bank’s systems and stole Rs 12.48 crore. The Police investigation revealed that hackers sent a series of phishing emails to the bank’s staff. These emails with malware were cleverly disguised and sent to bank employees. When employees opened these malicious emails, it led to cyber criminals gain full access to the bank’s systems.
The state cyber crime police reportedly arrested six, including two Nigerian nationals, for the Rs 12.48 crore.
What police and RBI investigation revealed
Police investigation revealed the bank’s alleged negligence in implementing cyber security measures. The lapses reportedly made the Hyderabad police commissioner CV Anand write to the RBI governor, highlighting the critical security lapses. He also requested for the suspension of the bank’s licence to operate.
“The current legal framework did not allow for criminal negligence charges against the bank management. Nevertheless, the city police pursued the matter with the authorities, resulting in the RBI imposing a monetary penalty of 65 lakh on Mahesh Bank,” the police commissioner claimed.
According to police, the bank did not have the required cybersecurity infrastructure that includes, as per RBI guidelines, security measures like anti-phishing application, intrusion prevention and detection systems, real-time threat defence and management systems.
How the Rs 12.28 crore online robbery took place
The multi-crore online bank robbery took place on January 24, 2022. Mahesh AP Bank reported a cyber theft wherein a hacker broke into the bank’s systems and stole Rs 12.48 crore. The Police investigation revealed that hackers sent a series of phishing emails to the bank’s staff. These emails with malware were cleverly disguised and sent to bank employees. When employees opened these malicious emails, it led to cyber criminals gain full access to the bank’s systems.
The state cyber crime police reportedly arrested six, including two Nigerian nationals, for the Rs 12.48 crore.
What police and RBI investigation revealed
Police investigation revealed the bank’s alleged negligence in implementing cyber security measures. The lapses reportedly made the Hyderabad police commissioner CV Anand write to the RBI governor, highlighting the critical security lapses. He also requested for the suspension of the bank’s licence to operate.
“The current legal framework did not allow for criminal negligence charges against the bank management. Nevertheless, the city police pursued the matter with the authorities, resulting in the RBI imposing a monetary penalty of 65 lakh on Mahesh Bank,” the police commissioner claimed.
According to police, the bank did not have the required cybersecurity infrastructure that includes, as per RBI guidelines, security measures like anti-phishing application, intrusion prevention and detection systems, real-time threat defence and management systems.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.