In a first, Hyderabad City Police Cyber Crime Wing’s efforts leads to RBI imposing a Monetary Penalty on AP Mahesh Co-operative Urban Bank Ltd., Hyderabad for blatant non-compliance of the provisions of Cyber Security Framework for primary(Urban) cooperative banks.
On January 24th , 2022, a cyber-fraud incident was reported by AP Mahesh Co-operative Urban Bank Limited, wherein a sophisticated hacker breached the bank's systems and illicitly siphoned off Rs.12.48 crores. The criminal act was carried out through a series of phishing emails that were cleverly disguised and sent to bank employees. Upon opening these malicious emails, the employees' systems were compromised, providing the fraudsters full access to the bank's network .
In this regard a case in Cr.No.118/2022, U/Sec 66 r/w 43 66(C) 66(D) ITA Act-2000 & U/Sec 419/420 IPC was registered in Cyber Crime Police Station, Hyderabad.This sensational case necessitated a country wide, and after enormous efforts by multiple police teams several perpetrators, including Nigerian nationals, were arrested. This investigation also revealed bank's negligence which is evident from its failure to implement Cyber security measures, such as an Anti-phishing application, Intrusion prevention and detection systems, and Real-time threat defense and management systems, as mandated by the RBI.
The aforesaid Cyber Security components are indispensable for safeguarding cyber landscape, and found to be conspicuously absent within the bank's cyber security infrastructure. Hyderabad City Police Commissioner, Mr. CV Anand, corresponded with the RBI Governor, highlighting the critical lapses and requesting for the suspension of the bank's license to operate.The current legal framework did not allow for the criminal negligence charges against the bank management. Nevertheless, the City Police pursued the matter which resulted in the RBI imposing a monetary penalty of Rs.65 lakhs on AP Mahesh Co-operative Bank Ltd.
The RBI's thorough cyber audit and the police investigation revealed the bank's significant lapses which led to the breach. This is the first time ever that such an action has been taken against any Bank. All banks should adhere to cybersecurity practices to avoid such loss of public money and crucial data.
No comments:
Post a Comment