In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from “almost all” Pakistani banks was stolen in a recent security breach.
“According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad Shoaib told media.
When pressed to clarify, the official said data from “most of the banks” operating in the country had been compromised.
He said the FIA has written to all banks, and a meeting of the banks’ heads and security managements is being called.
“Banks are the custodians of the money people have stored in them,” Shoaib said. “They are also responsible if their security features are so weak that they result in pilferage.”
It wasn’t immediately clear when exactly the security breach took place.
According to Shoaib, more than 100 cases are being investigated by the agency in connection with the breach.
A gang was arrested last week whose members used to disguise themselves as army officials and withdraw money from banks after gathering people’s data, the official added.
The disclosure comes days after around 10 banks blocked all international transactions on their cards, as concerns about a breach of credit and debit card data spread in the banking circles.
Sources told the State Bank of Pakistan (SBP) has been informed by several commercial banks that they have blocked international payments on debit and credit cards as a precautionary measure after cyber attacks on their clients’ accounts.
According to a digital security website krebsonsecurity.com, data of over 8,000 account holders of about 10 Pakistani banks was sold in a market of hackers.
A large Pakistani bank sent messages to its clients that online mobile banking services would be terminated for a temporary period from November 3 onwards on ‘technical grounds’.
The first cyber attack was reported by BankIslami on October 27. The bank said that Rs2.6 million was stolen from international payment cards after which it has stopped such transactions and allowed biometrically verified payments only on ATM cards within Pakistan.
Next day, the SBP issued directives to all banks to ensure that security measures on all information technology systems — including those related to card operations — are continuously updated to meet future challenges, ensure real-time monitoring of card operations related systems and transactions and immediately coordinate with all the integrated payment schemes, switch operators and media service providers.