RBI Imposes Fine on Bank for Security Lapse Following ₹12.48 Crore Cyber Theft

RBI Imposes Fine on Bank for Security Lapse Following ₹12.48 Crore Cyber Theft

In a significant move, the Reserve Bank of India (RBI) has slapped a ₹65 lakh fine on AP Mahesh Cooperative Urban Bank for its failure to adhere to the Cyber Security Framework for Primary (Urban) Cooperative Banks. This marks the first time such a penalty has been imposed by India’s apex bank.

Following a comprehensive cyber audit and an investigation conducted by the Hyderabad police, the RBI levied the monetary penalty on AP Mahesh Cooperative Urban Bank. The investigation brought to light significant "lapses" within the bank's security measures, which resulted in hackers breaching the bank's systems and fraudulently siphoning off ₹12.48 crore.

The online bank robbery occurred on January 24, 2022, with Mahesh AP Bank falling victim to the cyber theft. During the incident, the hackers successfully breached the bank's systems and made off with ₹12.48 crore. Following a thorough investigation by the police, it was discovered that the hackers employed a series of phishing emails as their strategy. These deceptive emails, containing malware, were cleverly disguised and sent to the bank's staff members. When the employees unwittingly opened these malicious emails, it granted the cyber criminals complete access to the bank's systems.

According to reports from the state cybercrime police, have arrested six individuals, including two Nigerian nationals, in connection with the ₹12.48 crore theft.

During the police investigation, it was revealed that the bank had allegedly been negligent in implementing adequate cyber security measures. These identified lapses prompted Hyderabad Police Commissioner CV Anand to write a letter to the RBI governor, emphasising the critical security deficiencies observed. In his correspondence, Commissioner Anand not only highlighted the lapses but also requested the suspension of the bank's licence to operate,

According to the police commissioner, despite the absence of provisions within the current legal framework to bring criminal negligence charges against the bank management, the city police diligently pursued the matter with the appropriate authorities. As a result of their efforts, the RBI took action by imposing a monetary penalty of ₹65 lakh on Mahesh AP Bank.

As per the police investigation, it was found that the bank lacked the necessary cybersecurity infrastructure, which includes key security measures mandated by RBI guidelines. These measures encompass provisions such as an anti-phishing application, intrusion prevention and detection systems, and real-time threat defence and management systems.