Malta’s Bank of Valletta Uncertain to Find Hacked $14.7 Million
Malta’s Bank of Valletta (BOV), hit by cyber robbers in a €13 million (US$14.7 million) theft late last week, may never recover the full amount stolen, a bank official said.
The as-yet unknown hackers created 11 false international payments and transferred the funds to accounts they controlled in the U.S., U.K., the Czech Republic and Hong Kong. Bank officials were initially flush with the prospect of retrieving the money but the prospects are uncertain now, Kenneth Farrugia, BOV’s chief business development officer, told the Times of Malta.
“We know where the money went and into which banks but what happened at that touchpoint we do not have the visibility to know,” Farrugia said. “It’s not simply a matter of asking the banks for the money to be reversed. It does not work like that and there are banking procedures that have to be implemented,” he said.
In the heist’s immediate aftermath, Prime Minister Joseph Muscat told Parliament that funds stolen in the illicit transfers were being traced and would be retrieved. Inasmuch as BOV accounts for roughly half of Malta’s banking transactions, the cyber attack temporarily tossed the island nation’s economy into a temporary crisis.
BOV isn’t saying how much money, if any, that it’s recovered to this point and Farrugia declined to speculate how much would ultimately be recouped, the report said. The hackers targeted the bank’s payment processing system from its own account and no customer funds or personal data was stolen in the breach. “Whoever carried out the hack did so for the value. They did not go beyond the payment process that involved our bank,” Farrugia reportedly said.
So far, there is much that BOV officials don’t know about what happened, including where the attack originated, how the hackers got in and the weak point they exploited. And, they don’t know if it was an inside job. Farrugia told the Times that it was too early in the investigation to answer with certainty those and other questions.
“We have started eliminating by looking at audit logs to try and find out where this came from and what the entry point was. But we have yet to determine the source,” he said.