Bank may be fined over hacking theft

CYBERHEIST::Two suspects have been arrested in Sri Lanka over the theft of US$60 million at Far Eastern International Bank, the Criminal Investigation Bureau said

By Ted Chen  /  Staff reporter

Tue, Oct 10, 2017 - Page 12

Far Eastern International Bank (遠東商銀) could be fined between NT$2 million and NT$10 million (US$65,842 and US$329,207) if a hacking incident at the lender was found to be a result of lax internal controls, the Financial Supervisory Commission said.

The company is expected to submit a full report on the incident to the commission before the end of this week.

It has also been ordered to process large transactions manually until it has shored up its information security measures.

A preliminary investigation by the commission’s Department of Information Management suggests that the malware which facilitated the cyberheist had infiltrated Far Eastern Bank’s systems when one of its employees opened an infected e-mail.

While US$60 million was stolen from the bank in the hacking incident, it said that losses could be contained to less than US$50,000 due to recovery and law enforcement efforts that froze the stolen funds.

The Criminal Investigation Bureau yesterday said that losses could be further reduced due to recent progress on the case in Sri Lanka.

Two suspects in the hacking incident have been arrested in Sri Lanka, the bureau said.

Meanwhile, lawmakers voiced concern about delays in the establishment of a national financial information sharing and analysis center that would provide the industry with timely security threat bulletins and counterattack resources.

The commission in March said that the center would be completed in June, Democratic Progressive Party Legislator Chiang Yung-chang (江永昌) said, calling for an industrywide information security standard.

The commission said the delay was due to procurement rules overseeing the center’s NT$46 million budget, and that the project would be completed before the end of this year.

Chinese Nationalist Party (KMT) Legislator William Tseng (曾銘宗), a former commission chairman, reminded banks that as they offer more services through digital channels to save on casts, they must also increase their investments in information security as cyberattacks become more frequent and organized.