The Reserve Bank has imposed a penalty of Rs 65 lakh on city-based AP Mahesh Co-operative Urban Bank, for non-compliance with provisions of Cyber Security Framework for Primary (Urban) cooperative banks, Hyderabad Police said on Saturday.
The central bank imposed the monetary penalty of Rs 65 lakh on AP Mahesh Co-operative Bank after the RBI's thorough cyber audit and the Hyderabad police investigation revealed the bank's significant "lapses" which led to the breach pertaining to the case wherein hackers breached the bank's systems through phishing mails and siphoned off Rs 12.48 crore in January 2022.
Also Read | Fake notes: RBI files complaint against banks
"The RBI's thorough cyber audit and the police investigation revealed the bank's significant lapses which led to the breach. This is the first time ever that such an action has been taken against any Bank. All banks should adhere to cyber security practices to avoid such loss of public money and crucial data,” a release from Hyderabad Police said. After AP Mahesh Co-operative Urban Bank reported the cyber-fraud incident, a case was registered and police said the criminal act was carried out through a series of phishing emails that were cleverly disguised and sent to bank employees. Upon opening these malicious emails, the employees' systems were compromised, providing the fraudsters full access to the bank's network.
During the course of the investigation of the case several perpetrators, including Nigerian nationals, were arrested, police said.
"This investigation also revealed bank's negligence which is evident from its failure to implement Cyber security measures, such as an Anti-phishing application, Intrusion prevention and detection systems, and Real-time threat defense and management systems, as mandated by the RBI," Hyderabad Police said. These Cyber Security components are indispensable for safeguarding cyber landscape, and were found to be conspicuously absent within the bank's cyber security infrastructure, the release said adding Hyderabad Police Commissioner CV Anand, corresponded with the RBI Governor, highlighting the critical lapses and requested for the suspension of the bank's license to operate. The current legal framework did not allow for the criminal negligence charges against the bank management, it said. "Nevertheless, the Hyderabad City Police pursued the matter which resulted in the RBI imposing a monetary penalty of Rs 65 lakh on AP Mahesh Co-operative Bank,” the release added.