Habib Bank has informed the State Bank of Pakistan (SBP) and Federal Investigation Agency that online thieves had stolen at least Rs 10 million from 600 bank accounts across several banks (FIA).
The thieves transferred ATM users' money to other accounts, where it was then withdrawn using debit cards.
To do this, they employed devices to obtain ATM users' PIN numbers and personal data.
The clients would be reimbursed by the victimised banks.
Source: https://dunyanews.tv/en/Pakistan/417385-Cyber-heist:-600-bank-accounts-hacked-for-Rs-10million
TPRM report: https://scoringcyber.rankiteo.com/company/hblofficial
"id": "hbl33820323",
"linkid": "hblofficial",
"type": "Breach",
"date": "12/2017",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '600',
'industry': 'Financial Services',
'location': 'Pakistan',
'name': 'Habib Bank',
'type': 'Bank'}],
'attack_vector': 'ATM Skimming',
'data_breach': {'type_of_data_compromised': 'PIN numbers and personal data'},
'description': 'Online thieves stole at least Rs 10 million from 600 bank '
"accounts across several banks by transferring ATM users' "
'money to other accounts and withdrawing it using debit cards. '
"The thieves used devices to obtain ATM users' PIN numbers and "
'personal data. The affected banks will reimburse the '
'customers.',
'impact': {'data_compromised': 'PIN numbers and personal data',
'financial_loss': 'Rs 10 million'},
'initial_access_broker': {'entry_point': 'ATM Skimming Devices'},
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': 'Customer reimbursement',
'root_causes': 'Weak ATM Security'},
'response': {'law_enforcement_notified': ['State Bank of Pakistan',
'Federal Investigation Agency'],
'recovery_measures': 'Customer reimbursement'},
'threat_actor': 'Online Thieves',
'title': 'ATM Fraud at Habib Bank',
'type': 'Financial Fraud',
'vulnerability_exploited': 'Weak ATM Security'}