Cyber-criminals steal £11 million from Maltese bank

News by Rene Millman

Hackers stole €13 million (£11m) from the biggest bank in Malta and routed it to banks in the UK, US, Hong Kong and Czechia, according to local media reports.

The Bank of Valletta in Malta was forced to shut down all of its IT systems after hackers stole around €13 million (£11.3 million) from its reserves.

The Maltese bank found the intrusion during its reconciliation of international transfers. According to reports from the Times of Malta, all of the bank’s functions – including branches, ATMs, mobile banking and even email services – were suspended and its website taken offline. 

According to reports in local media, transactions were made to bank accounts in four destinations in the US, the UK, Czechia and Hong Kong.

In a statement to the Maltese parliament, prime minister Joseph Muscat said the bank was working with law enforcement at home and internationally to find the attackers. The hackers are thought to be based outside of Malta.

"The reason for my statement is to put people's minds at rest that their money is safe in the bank," said Muscat. He added that the bank had launched its own investigations.

"It is no joke having a bank that controls half the economy shut down for a whole business day, but at this stage caution trumped every other consideration," he was reported to have said.

In a subsequent statement, the Bank of Valletta said that it had now resumed several services.

"The Bank once again wants to reassure its clients that customer deposits and customer accounts were in no way affected by this cyber-attack. This unfortunate incident proved that the contingency plans in place and the preventive measures taken by Bank of Valletta were appropriate and that these measures safeguarded the bank, its customers and stakeholders," the statement read.

Javvad Malik, security advocate at AlienVault, told SC Media UK that as more companies become largely digital, they need to take the associated risks into account in a holistic manner.

"It is no longer enough to implement security simply at one level such as the website or the app. Rather security needs to be baked in all the way across the endpoint, network, to the servers," he said. "Additionally, detection and response controls need to be in place and tested to gain assurance that during an incident core business functions can be maintained."

Felix Rosbach, product manager at comforte AG, told SC that banks are naturally the target of many breaches due to the highly sensitive data stored.

"Payment data is extremely useful for hackers to commit fraud, and they can make a lot of money from selling this information on the dark web. The targeting of banks is also popular among hacktivist groups with non-commercial interests," he said.

"Banking is all about trust but, with an increasing attack surface, it’s nearly impossible to prevent breaches. The most important thing payment organisations can do is protect customer data and make sure that their accounts are not affected, with their privacy protected whenever a breach happens."
