A Pakistani bank has reportedly come under one of the biggest cyber attacks in the country’s history. A group of hackers (or more) have breached the data center of Bank Islami and stolen the data of thousands of customers.
The alleged security breach first came to light on October 27 when customers of the bank received automated messages about their payment cards being used in different countries.At that time The bank denied that any data theft happened.
Immediately, State Bank of Pakistan temporarily “restricted use of its cards for “overseas transactions (only),”. However, the cardholders will be able to conduct transactions within Pakistan.
Below is the official statement from SBP Regarding this cybersecurity breach :
An official statement from BankIslami confirmed the attack
A Bank Islami account holder, speaking under the condition of anonymity, has confirmed that he received a message notifying him of his card usage at an ATM in Russia.
“A message notified me that somebody used my card somewhere in Russia, I immediately approached the bank’s helpline but the official simply did not believe my words and blamed me for the leak of particulars saying that I might have shared my bank account details with a friend or relative,” the affected customer told ProPakistani, adding that during the call he received three more messages of card usage at different locations of Russia.”
The central bank has instructed the bank to take all necessary measures to trace the vulnerability and fix it immediately.
Banks are advised to immediately report to SBP in case of any unusual incidents. SBP will continue to assess these developments in coordination with banks and take further measures, if required.
The following directives have been issued to all banks in Pakistan to ensure that:
- Security measures on all IT systems, including those related to card operations, are continuously updated to meet any challenges in the future.
- Resources are deployed to ensure the 24/7 real-time monitoring of card operation related systems and transactions.
- Immediately coordinate with all the payment schemes, switch operators and media service providers the banks are integrated with to identify any malicious activity of suspicious transactions.