Mexico Says Possible Bank Hack Led to Large Cash Withdrawals

(Bloomberg) -- Several Mexican banks experienced large cash withdrawals in recent weeks after possible cyber attackers infiltrated some financial institutions, triggering unauthorized money transfers, the central bank said in an interview with Bloomberg.

Banco de Mexico has zeroed in on five financial institutions whose external connection to the central bank’s electronic payment system was compromised, Lorenza Martinez, the central bank’s head of operations said. The vulnerability let money be illegally siphoned from “fake accounts” at those firms and led to several large cash withdrawals from other banks, she said.

The five banks and brokers are working with Mexico’s attorney general to determine whether organized criminals helped orchestrate a possible attack, but Banxico is not involved in those investigations, Martinez said. She declined to name the affected companies and said it’s too early to tell how many actors are behind the incidents. A representative for the attorney general didn’t immediately comment to a request made outside of normal business hours.

It’s been two weeks since the monetary authority asked some lenders to connect to its payment transfer network using a back-up scheme after a suspected cyber attack disrupted some transfers. The measures have caused slowness in transfers for many consumers. Now, more than 20 Mexican financial institutions have enacted back-up plans.

Bloomberg reported last week that Grupo Financiero Banorte, Banco del Bajio SA and Banco del Ejercito were banks that had been directly targeted in the suspected cyber attack.
The payment system, known as the SPEI, was established in 2004 and lets users electronically transfer money between deposit accounts through a private, encrypted network operated by Mexico’s central bank.

While vulnerabilities were discovered at the end of last month, at least one bank experienced an incident as recently as this week, Martinez said. Some of the cash was withdrawn from accounts that had just recently been opened, she said.

The central bank is also probing whether the affected banks and brokerages were complying with security regulations and will ask banks to undergo more frequent stress tests in the future to ensure they can more quickly connect to the SPEI through its back-up network the next time there’s an attack.

©2018 Bloomberg L.P.