Government financial institutions have been ordered to beef up their security systems after United Coconut Planters Bank (UCPB) lost at least P167 million from a cyber-heist.
“UCPB is reviewing and strengthening its IT and security controls,” Finance Secretary Carlos G. Dominguez III told reporters in a Viber message on Friday. “I have instructed our government financial institutions to keep their security systems up to date and sophisticated.”
State-run UCPB and the National Bureau of Investigation (NBI) had been investigating the money heist since mid-June after it happened, Mr. Dominguez said.
The lender lost P167 million through a series of huge withdrawals from automated teller machines (ATM) and online transfers over three days, after its system was hacked to expand ATM withdrawal limits from P20,000 a day to P10 million, the Philippine Daily Inquirer reported on Thursday.
“We also assure the public that government financial institutions are consistently fortifying their cybersecurity systems,” Mr. Dominguez said. “Client funds are safe and intact, and we are taking the necessary steps to protect our stakeholders.”
Client accounts had not been affected by the money heist and the state lender remains “resilient and well-managed” after posting P2.9-billion in net income in the first half, he said, citing UCPB.
In July, the government increased its stake in UCPB to 97% from 75% after converting into special preferred shares P12 billion worth of notes that the bank had issued to the Philippine Deposit Insurance Corp. (PDIC) in 2009.
“Government banks are strictly complying with Bangko Sentral ng Pilipinas (BSP) circulars on information risks and security,” Mr. Dominguez said. He added that state lenders continue to update the security features of their databases, servers, devices and software.
Government financial institutions also verify their business partners and try to limit third-party access to critical programs, the Finance chief said. They also have systems in place to detect and eliminate potential cyber attacks, he added.
“We are working closely with law enforcement and the BSP to keep GFIs and the banking system safe, secure, and reliable,” Mr. Dominguez said.
“No stone will be left unturned as we investigate this incident and as we strengthen all components of our security systems,” he said. “We will also see to it that the perpetrators are caught, tried and punished to the fullest extent of the law.” — Beatrice M. Laforga