RBI Imposes Fine on Bank for Security Lapse as Hackers Steal Rs 12.48 Crore

RBI Imposes Fine on Bank for Security Lapse as Hackers Steal Rs 12.48 Crore

The Reserve Bank of India (RBI) has imposed a fine of Rs 65 lakh on AP Mahesh Cooperative Urban Bank, marking a significant penalty in response to the bank’s non-compliance with the Cyber Security Framework for Primary (Urban) Cooperative Banks. This development comes after a thorough cyber audit conducted by the RBI and an investigation by the Hyderabad police, which revealed notable “lapses” within the bank’s systems.

The breach resulted in hackers successfully infiltrating the bank’s security measures and siphoning off a substantial sum of Rs 12.48 crore. The severity of the security vulnerabilities and subsequent financial loss prompted the RBI to take swift action in the form of a monetary penalty.

This penalty serves as a significant precedent, as it is the first of its kind imposed by the RBI on a cooperative bank for non-compliance with the Cyber Security Framework. The central bank’s decision to impose the Rs 65 lakh fine underscores the importance of robust cyber security measures and adherence to regulatory guidelines in safeguarding financial systems against potential cyber threats. It sends a strong message to other banks and financial institutions regarding the criticality of maintaining robust cyber security protocols to protect customer data and prevent unauthorized access to sensitive information.

Unraveling the Rs 12.48 Crore Online Bank Robbery: Method and Investigation
Following the multi-crore online bank robbery on January 24, 2022, Mahesh AP Bank experienced a significant cyber theft, resulting in a loss of Rs 12.48 crore. An investigation conducted by the state cyber crime police uncovered crucial details regarding the incident. It was discovered that the hackers responsible for the breach employed a series of phishing emails to deceive the bank’s staff. These fraudulent emails, containing malware, were skillfully disguised and sent to unsuspecting employees. Upon opening these malicious emails, the cybercriminals gained complete access to the bank’s systems.

In a significant development, the state cybercrime police made six arrests in connection with the Rs 12.48 crore online bank robbery. Among those apprehended were two Nigerian nationals, highlighting the international dimension of this cybercrime. The arrests mark a crucial step towards bringing the perpetrators to justice and send a strong message that such criminal activities will not go unpunished.

The arrests made by the state cybercrime police highlight the collaborative efforts between law enforcement agencies and their dedication to combatting cybercrime. It serves as a reminder of the importance of international cooperation in addressing such sophisticated cyber threats. The investigation and subsequent arrests not only provide a sense of justice for the affected bank but also serve as a deterrent to potential cyber criminals, underscoring the commitment to maintaining the security and integrity of the banking system. Moving forward, it is imperative for financial institutions to continually enhance their cybersecurity measures and stay vigilant against evolving cyber threats.

What police and RBI investigation revealed

The police investigation into the online bank robbery uncovered alleged negligence on the part of the bank in implementing adequate cyber security measures. The findings of the investigation revealed significant lapses in the bank’s security protocols, raising concerns about the vulnerability of its systems. These lapses were reportedly severe enough for the Hyderabad police commissioner, CV Anand, to write to the RBI governor, drawing attention to the critical security shortcomings.

In the letter addressed to the RBI governor, CV Anand emphasized the seriousness of the security lapses identified during the investigation. He expressed his concerns regarding the potential risks posed by these vulnerabilities and the implications for the bank’s operations. The police commissioner’s letter also included a request for the suspension of the bank’s license to operate, reflecting the gravity of the situation and the need for immediate action to address the security concerns.

The revelation of the alleged negligence in implementing cyber security measures by the bank has triggered a response from the police and RBI. It underscores the importance of robust security protocols and compliance with regulatory guidelines to safeguard financial institutions and customer data from cyber threats. The findings of the investigation and subsequent actions taken by the authorities serve as a reminder of the criticality of maintaining strong cyber security measures within the banking industry to protect against potential breaches and unauthorized access.

According to the police commissioner, the existing legal framework did not permit the filing of criminal negligence charges against the bank management. However, the city police persisted in pursuing the matter with the relevant authorities. As a result, the RBI took action by imposing a monetary penalty of 65 lakhs on Mahesh Bank, holding them accountable for the identified lapses.

The police further revealed that the bank lacked the necessary cybersecurity infrastructure as mandated by RBI guidelines. This includes essential security measures such as an anti-phishing application, intrusion prevention, and detection systems, as well as real-time threat defense and management systems. The absence of these critical security measures raises concerns about the bank’s ability to effectively safeguard against cyber threats and protect the integrity of its systems.