Cosmos Bank: India’s second largest corporative bank got hacked overnight

Pune headquartered Cosmos bank has experienced the biggest cyber-attack till date. Possibly the scariest nightmare for a banking institution operating at such a big scale. The FIR lodged at the Chatushrungi police station in Pune states that the money was allegedly transferred to bank accounts outside the country. Also, the banks’ management stated that there was a malware vulnerability in the ATM located at the bank’s headquarters.

How did the hackers get access to the accounts?

The attackers launched a malware attack on the ATM switch server where the amount was moved to foreign locations. They were able to get the amount approved by the bank to bypass the rigid online security measures. The unidentified hackers successfully carried out 15,000 transactions between 3 pm and 10 pm on Aug 11.


Initially, an amount of ₹ 80.5 crores was transferred to a bank located outside India. These transactions were carried out using around 14,849 debit cards. The other ₹ 13.92 crores were transferred in a SWIFT transaction.

The reports also stated that the amount (₹ 78 crores) that was being transferred had left some trails in Hong Kong. An added transaction of ₹ 2.5 crores was carried in India through National Payments Corporation of India (NPCI) and VISA as well.

What was the Impact?

There was an information leak of almost thousands of debit card holders and around 500 customer accounts were affected in this malware attack. Questions were raised about the bank’s security and if they would be able to cope with the loss of their customer’s loyalty.


Now, the question arises as of why being one of the largest banks in the country, Cosmos banks was caught under such a massive breach?

Most of the cyber exploits or hacks are affecting the banking industry is because of the negligent attitude of management towards cyber security. Organizations should strictly make sure that they secure their network security and should be ensured that they are updated with the latest industry standard security protocols.

The cyber attack has also raised a more few more eyebrows and doubts on the cyber resilience of the country’s cooperative banks. Though banks may implement a state-of-art physical security or a stringent surveillance system, they still will remain vulnerable towards such cyber-attacks. Institutions need to ensure that they are holistically securing the three most important elements of cyber security, i.e. People, Process, and Technology.

Leave a Reply