On October 27, 2018, Bank Islami customers received automated messages, alerting them about malicious ATM transactions done using their bank accounts linked with Bank Islami. It was stated that these transactions were done from outside of the country. According to a staff member, these transactions took place in countries like USA, Russia and others, wiping out customers’ accounts and leaving them penniless.
Immediately after these automated messages, customers received another message, which stated that Bank Islami officials had temporarily shut down all the services, and customers will be kept notified regarding further actions.
Bank Islami denied any security breach, leaving the customers disappointed. The bank didn’t officially release their view on the incident until sunday night, which stated:
“On the morning of October 27, 2018, certain abnormal transactions were detected by Bank Islami on our International Payment Scheme for Debit Cards.”
“Alhamdulillah, BankIslami team immediately took precautionary steps which included shutting its International Payment Scheme. All funds withdrawn from the accounts (i.e. Rs. 2.6 Million) of our valued customers have been reversed.”
“As a precautionary measure, all transactions routing through international payment scheme (Local and International POS, ATM and eCommerce) have been stopped.”
“However, we restored our Biometric ATM cash withdrawal service for our customers, the very same day.”
“Our technical teams are working in close coordination to restore other services.”
The State Bank of Pakistan broke silence on this and instructed all the Banks including Bank Islami, to take following security measures:
- Security measures on all IT systems, including those related to card operations, are continuously updated to meet any challenges in the future.
- Resources are deployed to ensure the 24/7 real-time monitoring of card operation related systems and transactions.
- Immediately coordinate with all the payment schemes, switch operators and media service providers the banks are integrated with to identify any malicious activity of suspicious transactions.
SBP also particularly directed Bank Islami to take any necessary measures to trace the flaw in the servers by which they were exploited.
This was reported as the biggest security breach in the history of Pakistani Cyber Attacks, causing trouble for thousands of innocent account holders.