Depositor money safe as UCPB probes P167-M cyber attack

In a statement on Thursday, the Bangko Sentral ng Pilipinas (BSP) said it is "well-aware" of the incident, adding that UCPB has been "in close coordination" with regulators since the beginning of the investigation.
BusinessWorld

MANILA, Philippines — Hackers stole P167 million from state-run United Coconut Planters Bank (UCPB), prompting regulators to examine another incident of theft that has put local banking industry in a bad light.

The Bangko Sentral ng Pilipinas (BSP), in a statement on Thursday, said authorities are "well-aware" of the incident and is “in close coordination” with UCPB, who has assured depositors their money remain safe and untouched. 

“UCPB is undertaking the necessary remedial measures to heighten cybersecurity…,” BSP said.

The incident, first reported by Bilyonaryo website, involved two Nigerian nationals who used installed a “malware” on UCPB’s systems during one of the bank’s maintenance shutdown. The malware, in turn, allowed hackers to transfer UCPB funds to their bank accounts which were then withdrawn in automated teller machines.

The central bank said UCPB is coordinating with the National Bureau of Investigation “for the investigation and eventual prosecution of the suspected criminals.”

Meanwhile, in a separate earlier statement, UCPB said: “The bank would like to assure its stakeholders that clients’ funds were not affected by the incident.”

Other details, such as the extent of penetration on UCPB’s systems, remained unclear, but the incident appears to highlight the banking industry’s vulnerability to cyber attacks despite separate efforts by lenders to strengthen their security networks.

Over 2 months ago, the Philippines was dragged into a global accounting scandal involving Wirecard AG, a German payments firm, which claimed that BDO Unibank Inc. and Bank of the Philippine Islands held the missing $2.1-billion external auditors could not find in company books. 

Investigations concluded later on that Philippine banks were merely used to make it appear that the missing funds entered the country, even if in fact, they did not.

It was a different story 4 years ago, however. At the time, $81 million from Bangladesh’s central bank was proven to have entered Rizal Commercial Banking Corp. (RCBC), another local lender. Funds were not completely retrieved and RCBC was sued with charges still being heard to date.

BSP likewise fined RCBC P1 billion, the biggest penalty meted against a bank to date.

As of March, UCPB is the country’s 11th largest bank with total assets worth P328.52 billion. 

“Rest assured, in pursuit of our cybersecurity agenda, we continue to collaborate and engage the BSP Supervised Financial Institutions (BSFIs) to ensure the safety and integrity of the financial system as well as the protection of the financial consumers,” the central bank said.

Show comments