BankIslami Customers Lose Over $6 Million in Biggest Security Breach in Pakistan’s History

A well known Pakistani bank has recently reportedly come under what seems to be one of the most major cyber attacks in the country’s history. As per our sources, a group of hackers (or more) have breached the data center of Bank Islami and stolen the data of thousands of customers.

The alleged security breach first came to the light on October 27 when the customer of the bank where they received an automated message about their payment cards which are being used in different countries transactions. The bank denied that any data theft took place.

The reporters from ProPakistani has contacted the BankIslami executive officer Fahad Tariq, once the news of the data security breach has broken, he initially dismissed the claims and denied that any of the breach happened at the bank’s data center. He refused to give any kind of official version of this biggest data security breach.

However, late on Sunday night, an alert for all of the banks were issued by the State Bank of Pakistan.

A Bank Islamic account holders, speaking under the condition of anonymity, has confirmed that he received a message notifying him of his card usage at an ATM in Russia.

“A message notified me that somebody used my card somewhere in Russia, I immediately approached the bank’s helpline but the official simply did not believe my words and blamed me for the leak of particulars saying that I might have shared my bank account details with a friend or relative.

I was surprised and shocked to my core. The bank’s response was very disappointing. All my money was gone, I am left empty-handed.

The account holder were than informed via a message from the official bank that stated that all of the Bank Islami services will be shut down for short period of time, as the services gets opened will inform all of you.

A senior banker which is dealing with the cybersecurity has confirmed the news while speaking with the news sources.

“That is true to the best of my knowledge – an unidentified group of hackers had broken into the data center of the said bank and stole the valuable data of the customers. This was unknown until the bank started receiving complaints from their customers regarding the theft.” He also stated that an estimated amount of about $6 million may have been withdrawn so far.

The hackers may have used the dark web to sell the data of Bank Islami account holders for $60-70 per account.

This money has been successfully withdrawn from different locations in USA, Russia and other countries, he added.

“This is the biggest cyber attack in the banking history in Pakistan. Ever since cyber attacks started in the country, prominent banks have improved their data security and it is hard for hackers to breach in. However, several small banks have still flawed security systems and are an easy target for scammers and hackers,” said the banker.

He has also confirmed that the Bank Islami system was down for about 12 hours in a bid to stop these transactions.

As a result, the bank has currently restricted usages of its cards for overseas transactions. The affected bank has also been instructed to issue advisory on precautionary measures to be taken by customers.

SBP’s Directives

The central bank has instructed the bank to take all necessary measures to trace the vulnerability and fix it immediately.

Banks are advised to immediately report to SBP in case of any unusual incidents. SBP will continue to assess these developments in coordination with banks and take further measures, if required.

The following directives have been issued to all banks in Pakistan to ensure that:

1.  Security measures on all IT systems, including those related to card operations, are continuously updated to meet any challenges in the future.
2. Resources are deployed to ensure the 24/7 real-time monitoring of card operation related systems and transactions.
3. Immediately coordinate with all the payment schemes, switch operators and media service providers the banks are integrated with to identify any malicious activity of suspicious transactions.

BankIslami Responds

BankIslami also released its statement later on regarding the breach in data security at the bank:

On the morning of October 27, 2018, certain abnormal transactions were detected by BankIslami on our International Payment Scheme for Debit Cards.

Alhamdulillah, BankIslami team immediately took precautionary steps which included shutting its International Payment Scheme. All funds withdrawn from the accounts (i.e. Rs. 2.6 Million) of our valued customers have been reversed.

As a precautionary measure, all transactions routing through international payment scheme (Local and International POS, ATM and eCommerce) have been stopped.

However, we restored our Biometric ATM cash withdrawal service for our customers, the very same day.

Our technical teams are working in close coordination to restore other services.

BankIslami’s detailed response can be viewed here.