Mexico’s Central Bank Confirms Cyberattack Heists Cost Up To $20 Million

Security Vulnerability

Mexico’s central bank has mandated a one-day waiting period on all electronic money transfers over $2,500 after a hacking attack may have stolen as much as $20 million from multiple Mexican banks.

According to an Associated Press report on Tuesday, the head of Mexico’s central bank Alejandro Diaz de Leon acknowledged that a ‘cyberattack’ was the reason behind a number of transfers of between $18 million and $20 million.

The head of Mexico’s bankers’ association told local media on Tuesday that cybercriminals had essentially duplicated valid settlement payments between banks wherein the hackers sent requests for wire transfers from banks to their own accounts which they quickly emptied after receipt.

At least five attacks were carried out on the central bank’s interbank payments system in April and May, according to the authority’s director general of corporate payments and services system Lorenza Martinez. The Interbank Electronic Payments System (SPEI) allows banks to make real-time transfers to each other.

“Some transactions were introduced that were not recognized by the issuing bank,” she told a radio station without mentioning the affected banks. “In some cases these transfers made it through to the destination bank and were withdrawn in cash.”

The official added that the money stolen belonged to the banks and clients’ funds weren’t affected.

The central bank has since issued a memo to banks, suggesting them to impose a one-day waiting period for customers and only pay out transfers for those that the banks know and trust.

In an embarrassing turn, the central bank was revealed to not have a cybersecurity division until Tuesday when a decree mandated the authority to establish the arm. While Mexicans won’t be impacted by the breach, the banks themselves could feel the pinch by taking the hit on the stolen money.

Image credit: Pixabay.