The Reserve Bank of India (RBI) fined AP Mahesh Cooperative Urban Bank Rs 65 lakh in a first-of-its-kind sanction for failing to comply with the Cyber Security Framework for Primary (Urban) Cooperative Banks. Following a thorough cyber audit by the RBI and an inquiry by the Hyderabad police, the apex bank fined AP Mahesh Co-operative Bank Rs 65 lakh for the serious “lapses” that allowed hackers to access the bank’s computers and steal Rs 12.48 crore.
How the Rs. 12.28 billion online heists was carried out
On January 24, 2022, a massive internet bank robbery took place. In a cyberattack, a hacker gained access to Mahesh AP Bank’s computers and stole Rs 12.48 crore, the bank stated. According to the police investigation, hackers targeted employees of the bank with many phishing emails. These malicious emails were delivered to bank personnel in an artfully disguised manner. Employees read these bogus emails, which allowed hackers to take complete control of the bank’s systems.
According to reports, the state cyber crime police detained six people for the Rs 12.48 crore, including two Nigerian nationals.
What the RBI and police investigation showed
The results of the police inquiry exposed the bank’s apparent carelessness in putting cyber security measures in place. According to reports, the serious security flaws prompted Hyderabad police commissioner CV Anand to write to the RBI governor. He also asked for the operating licence of the bank to be suspended.
The management of the bank was not subject to criminal negligence charges under the current legal system. However, the city police continued to pursue the issue with the authorities, which led to the RBI fining Mahesh Bank 65 lakh, according to the police commissioner.
The bank allegedly lacked the necessary cybersecurity infrastructure, which according to RBI recommendations should have included security tools including anti-phishing software, intrusion prevention and detection systems, real-time threat defence, and management systems.
