India’s City Union Bank (CTBK.NS) said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China.
Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened.
“This is basically a cyber attack by international cyber criminals,” he told Reuters in a phone interview.
Kamakodi added they saw “so far no evidence of any internal staff involvement,” but said “we are very clear now the account holders are part of this conspiracy.”
The disclosure from City Bank comes as India has been gripped by an announcement by Punjab National Bank (PNBK.NS) earlier this week that it had been the victim of a $1.7 billion fraud, although that case is suspected to involve the transfer of unauthorized loans from bank employees.
City Union said on Saturday it had been able to block one of the remittances, totaling $500,000, that was being sent through a Standard Chartered Bank (STAN.L) account in New York to a Dubai-based lender.
A second transfer of 300,000 euros ($372,150) was routed through a Standard Chartered Bank (STAN.L) account in Frankfurt to a Turkish account, although the Turkish lender had blocked the transfer from being finalised.
A third totaling $1 million was sent through a Bank of America (BAC.N) account in New York to a China-based bank, which Kamakodi on Sunday identified as Zhejiang Rural Credit Cooperative Union in Hangzhou, China.
Kamakodi said the lender was working with Indian authorities to work with affected countries to investigate what happened. He added City Union was also strengthening its internal monitoring systems.
Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds.
Banking security experts said Indian banks that rely on the SWIFT messaging platform needed to be more vigilant. Industry experts say more than 100 financial institutions in India are connected with SWIFT including the central bank.
Reporting by Devidutta Tripathy; Writing by Rafael Nam; Editing by Kim Coghill