Hackers dupe Irish Central Bank with elaborate money transfer scam
The Irish Central Bank, which is tasked with maintaining the safety and integrity of the Republic's banking system, was duped in an elaborate money transfer scam late last year.
Special Gardai financial and online investigators are probing the transaction which has damaged the credibility of the Central Bank and its oversight of the Irish banking and financial systems.
The venerable Dame Street institution is understood to have been fooled into transferring up to €1.4m to a bogus online account believing it was a standard invoice payable to Danske Bank. However the money was actually sent to a bogus bank account in Galway.
The bank realised something suspicious was occurring before the full amount was transferred and halted the transaction. The Central Bank has confirmed that up to €32,000 is still missing.
A full review of the bank's IT systems and controls has been completed with banking procedure "updated" since the embarrassing incident.
The Central Bank plays a key role in advising on the security of online payments through its involvement with the European Banking Authority. Its credibility will have been shaken by this breach of financial protocols and its external IT systems.
"On 24 December 2014, the Central Bank of Ireland became aware of a fraud attempt in relation to the transfer of a sum of money on 23 December 2014. The Bank contacted Gardai immediately and an investigation commenced.
"The maximum exposure for the Bank is less than €32,000. The controls and the relevant procedures have since been updated to address this issue. There was no impact on the Bank's internal computer systems or data security.
"As the matter remains under investigation, the Central Bank is unable to comment further at this time," the Central Bank told the Sunday Independent.
"During 2014 a control weakness resulted in a significant irregular payment in relation to supplier services, which is currently being investigated by An Garda Siochana. The controls and the relevant procedures have since been updated to address this issue, and the bulk of this payment has been recovered.
"We confirm that the Commission has reviewed the effectiveness of the system of internal financial controls for the year ended 31 December 2014," Central Bank Governor Patrick Honohan noted in his report submitted to the Department of Finance.
The Central Bank has overhauled its IT systems as part of a significant modernisation of its technology.
"During the year the bank continued to progress the replacement of major systems in line with the defined strategy while successfully meeting all regulatory imperatives at a European level," according to the Central Bank.
"The server-side migration of the bank's technical infrastructure to a specialist third party data centre operation was completed during the year bringing technical scalability, strengthened security standards and greatly increased resilience to support the bank's business continuity needs."
This is the second major security incident involving a major Irish company or state institution in a fortnight.
On April 28, Ryanair revealed that it had been hit by a substantial fraud - of up to €4.5m - and that it has investigated a "fraudulent electronic transfer via a Chinese bank". The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot happen again.
Source: Sunday Independent