Hackers Siphon 300 Million Pesos from Five Mexican Financial Institutions

The fallout continues as Mexico’s central bank admitted that hackers sucked out around 300 million pesos (approx. $15 million) in fraudulent transfers from five financial institutions.

In confirming the theft on Wednesday, Bank of Mexico governor Alejandro Diaz de Leon said authorities were still clamoring to see how cybercriminals had first tapped into the banks’ software to the country’s banking system to send out false orders after detecting them intrusions in late April.

The central bank chief said preliminary estimates of an ongoing investigation points to around 300 million in “irregular transactions” while insisting that some portion of that sum had not been withdrawn by hackers and could still be recovered. Citing sources, Reuters is reporting that the aftermath of the massive fraudulent transfer outlay led to simultaneous cash withdrawals from dozens of banks around the country soon after ‘hundreds’ of faux transfers.

The central bank chief did not identify the institutions affected but did confirm that three banks, a credit union and a broker had all seen fake transfers.

Diaz de Leon added:

“We are very conscious that this has affected users, and we are sorry about that and we are taking immediate actions to recover the speed of the system with full security.”

Despite the compromise of the banking system, the central bank official claimed Mexico’s electronic payments system, dubbed SEPI, was not attacked nor compromised directly. SEPI is similar to the global interbanking system SWIFT, which moves trillions of dollars each day.

The authority said it would develop and dole out guidelines on information security for the country’s banks. Despite reports to the contrary, Diaz de Leon insisted that the central bank had an in-house cybersecurity unit since 2013.

The theft draws parallels to one of the largest ever cyber heists when hackers stole $81 million from Bangladesh’s central bank in 2016.

Image credit: Pexels.