The Reserve Bank of India (RBI) has imposed a penalty of Rs 65 lakh on AP Mahesh Cooperative Urban Bank for failing to comply with the Cyber Security Framework for Cooperative Banks.
The penalty follows a cyber audit by the RBI and investigations by the Hyderabad police, which revealed serious flaws in the bank’s systems. These flaws enabled hackers to breach the bank’s security and steal an enormous sum of Rs 12.48 crore.
On January 24, 2022, AP Mahesh Co-operative Bank experienced a daring online robbery that resulted in a loss of Rs 12.48 crore. The police investigation revealed how the hackers operated. They sent carefully crafted phishing emails to the bank’s employees, which contained harmful malware. Unaware of the danger, the employees unknowingly opened these emails, granting the hackers complete control over the bank’s internal systems.
As a result of this breach, the hackers were able to transfer funds without authorisation.
During the investigations carried out by the police and RBI, significant weaknesses were discovered in the cybersecurity measures of AP Mahesh Cooperative Urban Bank.
These vulnerabilities were serious enough for Hyderabad police commissioner, CV Anand, to write to the RBI governor, expressing concern about the bank’s critical security deficiencies.
Commissioner Anand even recommended suspending the bank’s operating license due to the severity of the negligence observed.