wordpress blog stats
Connect with us

Hi, what are you looking for?

“Negligence comes at a cost!”: RBI imposes fine on AP Mahesh Bank for lax cybersecurity practices

The fine follows the investigation carried out by the Hyderabad Police on the hack at AP Mahesh Bank that took place last year

The Reserve Bank of India (RBI) has imposed a monetary penalty of Rs 65 lakhs on AP Mahesh Co-Operative Urban Bank for not adhering to the cyber security norms set by the central bank – the Hyderabad Police tweeted on July 1.

The fine follows the investigation carried out by the Hyderabad Police on the hack at AP Mahesh Bank that took place last year, as well as RBI’s investigation of the bank.

“The IT examination of the bank by RBI and an Investigation Report conducted in reference to a cyber security incident revealed inter alia, that the bank had failed to put in place certain mandated controls which led to the cyber security incident,” the central bank stated in a press release dated June 19.

 

 


STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today! 


Why does this matter: RBI’s action against AP Mahesh Bank for lax cybersecurity practices should serve as a cautionary tale for others, given the rise in the number of cyberattacks targeted at financial entities: In 2021, Punjab National Bank reportedly exposed the personal and financial data of over 180 million customers, in 2022, sensitive data of 1.2 million cardholders, including customers of State Bank of India, was reportedly leaked, and most recently, in March this year, HDFC Bank’s subsidiary HDB Financial Services suffered from data breach containing personal and financial data of thousands of loan borrowers.

What norms did AP Mahesh Bank violate: According to RBI, AP Mahesh Bank was found to be in non-compliance with the following cybersecurity directions issued by RBI:

  • Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)
  • Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach
  • Internet Banking Facility for Customers of Cooperative Banks

What happened in the AP Mahesh Bank hack last year: In January 2022, AP Mahesh Bank revealed that cybercriminals hacked into the servers of the bank and siphoned over ₹12 crores to over a hundred different accounts. Upon discovering this, the Bank filed a complaint with the Cyber Crime police in Hyderabad.

In March 2022, the Hyderabad police revealed that the hack was due to the negligence of the bank, its employees, and its poor cybersecurity infrastructure. While the police arrested over 22 people from across the country in connection to the hack, the main accused remained elusive.

Advertisement. Scroll to continue reading.

“The main hacker, Nigerian, who we think is in London, sent about 200 phishing mails on November 4, 10, and 16 last year from his computer to Mahesh Co-operative bank employees. After sending the emails, he waited for a little bit, and then two employees of Mahesh Bank clicked on the link. In the link, there was a Remote Access Trojan (RAT) virus.  After clicking it once, the hackers had access to the bank’s systems,” Hyderabad City Police Commissioner CV Anand explained.

We’ve covered the modus operandi used by the hackers in more detail here.

How bad were the cybersecurity practices at AP Mahesh Bank? Hyderabad Police last March listed the following bad cybersecurity practices at the bank:

  • Multiple master admins with common users IDs and passwords
  • No firewall
  • Employees opened unknown emails and downloaded malware attachments
  • No proper cybersecurity training for employees
  • No proper network infrastructure
  • Did not have an anti-phishing application
  • Bank headquarters connected to branches without proper network policy i.e., using proxies.
  • Did not use VPNs to mitigate the hacking incidents
  • Did not use Intrusion Detection System mechanism (IDS) and Intrusion Prevention System mechanism (IPS) to prevent and detect vulnerability exploits

The Hyderabad Police chided AP Mahesh Bank for spending only Rs 10 lakhs on cybersecurity while other banks spend thousands of crores.

“Generally, there are two-three master admins in every bank. However, Mahesh bank had about 10 master admins due to carelessness. They also used common user IDs and passwords. These 10 super admins can access the bank’s database — customers, bank accounts, details about how much money are in these accounts and so on.” — Hyderabad City Police Commissioner CV Anand (March 2022)


This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read

Written By

Free Reads

News

The Commission received complaints against ULLU by the group ‘Gems of Bollywood’,  for sharing “extremely obscene and objectionable content secretively to its subscribers, including...

News

This case highlights a curious intersection of copyright and critique in the digital content world.

News

Google will also provide news organizations and fact checkers with essential training in advanced fact-checking methodologies, deepfake detection, and Google tools like the Fact...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ