Hyderabad cops effort leads to RBI imposing penalty on Mahesh Bank
The criminal act was carried out through a series of phishing emails that were cleverly disguised and sent to bank employees
Published Date - 1 July 2023, 07:05 PM
Hyderabad: In a first, the city police cyber crime wing’s efforts have led to the Reserve Bank of India (RBI) imposing a monetary penalty on AP Mahesh Co-operative Urban Bank, Hyderabad, for ‘blatant non-compliance of the provisions of Cyber Security Framework for primary (Urban) Cooperative Banks’.
On January 24 last year, a cyber fraud incident was reported by AP Mahesh Co-operative Urban Bank Limited, wherein a hacker breached the bank’s systems and illicitly siphoned off Rs.12.48 crores.
The criminal act was carried out through a series of phishing emails that were cleverly disguised and sent to bank employees. Upon opening these malicious emails, the employees’ systems were compromised, providing the fraudsters full access to the bank’s network.
After registering a case, the Hyderabad police after a country-wide effort, arrested several persons including Nigerians who were allegedly involved in the fraud.
A press release issued by the city police on Saturday said the investigations had also revealed ‘the bank’s negligence, evident from its failure to implement cyber security measures, such as an anti-phishing application, intrusion prevention and detection systems, and real-time threat defense and management systems, as mandated by the RBI’.
Hyderabad City Police Commissioner, CV Anand, wrote to the RBI highlighting the critical lapses and requesting for the suspension of the bank’s license to operate.
Though the current legal framework did not allow for criminal negligence charges against the bank management, the city police pursued the matter which resulted in the RBI imposing a monetary penalty of Rs.65 lakhs.
“The RBI’s thorough cyber audit and the police investigation revealed the bank’s significant lapses which led to the breach. This is the first time ever that such an action has been taken against any bank. All banks should adhere to cyber security practices to avoid such loss of public money and crucial data,” said Anand.