In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from "almost all" Pakistani banks was stolen in a recent security breach.
"According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked," FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday.
When pressed to clarify, the official said data from "most of the banks" operating in the country had been compromised.
Speaking to DawnNewsTV, Shoaib said hackers based outside Pakistan had breached the security systems of several local banks. "The hackers have stolen large amounts of money from people's accounts," he added.
"The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks," he observed.
He said the FIA has written to all banks, and a meeting of the banks' heads and security managements is being called. The meeting will look into ways the security infrastructure of banks can be bolstered.
"Banks are the custodians of the money people have stored in them," Shoaib said. "They are also responsible if their security features are so weak that they result in pilferage."
It wasn't immediately clear when exactly the security breach took place.
According to Shoaib, more than 100 cases are being investigated by the agency in connection with the breach.
"An element of banking fraud which is a cause of concern is that banks hide the theft [that involves them]... and the clients report [the theft] to the banks and not to us, resulting in a loss of people's money," he told DawnNewsTV.
"We are trying to play a proactive role in preventing bank pilferage," he added.
Shoaib said the agency has arrested many gangs involved in cybercrimes and recovered stolen money from them.
A gang was arrested last week whose members used to disguise themselves as army officials and withdraw money from banks after gathering people's data, the official added.
'Data of over 8,000 account holders sold'
The disclosure comes days after around 10 banks blocked all international transactions on their cards, as concerns about a breach of credit and debit card data spread in the banking circles.
Sources told Dawn the State Bank of Pakistan (SBP) has been informed by several commercial banks that they have blocked international payments on debit and credit cards as a precautionary measure after cyber attacks on their clients’ accounts.
According to a digital security website krebsonsecurity.com, data of over 8,000 account holders of about 10 Pakistani banks was sold in a market of hackers.
A large Pakistani bank sent messages to its clients that online mobile banking services would be terminated for a temporary period from November 3 onwards on ‘technical grounds’.
The first cyber attack was reported by BankIslami on October 27. The bank said that Rs2.6 million was stolen from international payment cards after which it has stopped such transactions and allowed biometrically verified payments only on ATM cards within Pakistan.
Next day, the SBP issued directives to all banks to ensure that security measures on all information technology systems — including those related to card operations — are continuously updated to meet future challenges, ensure real-time monitoring of card operations related systems and transactions and immediately coordinate with all the integrated payment schemes, switch operators and media service providers.