A software vulnerability is suspected of being to blame for a hack through which criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks.

Officials from Mexico’s central bank confirmed to Reuters that a series of “irregular” and unauthorised interbank money transfers involving large sums of money were detected late last month.

Unnamed sources have told the media that hundreds of millions of pesos were fraudulently wired out of banks in a co-ordinated heist at several institutions while accomplices d the accounts in cash drained recipient accounts at “dozens” of branch offices.

Bank of Mexico Governor Alejandro Diaz de Leon gave a preliminary estimate that approximately 300 million pesos had been involved in the heist but that not all of it had yet been withdrawn and so could still be successfully recovered. Other local media reports have quoted anonymous sources suggesting the amount of money stolen by the hackers is even larger, perhaps as much as 400 million pesos (US $20 million).

Diaz de Leon said that an investigation into precisely what had happened is ongoing. He also apologized to customers:

We are very conscious that this has affected users, and we are sorry about that and we are taking immediate actions to recover the speed of the system with full security.

The bank governor has declined to name the banks that have been hit, but media reports have claimed that Mexico’s second-largest bank, Banorte, was affected.

For now, mystery surrounds precisely how the hackers managed to drain the banks of such a substantial amount of money.

Lorenza Martinez is the head of operations at the Bank of Mexico (Banxico for short). Martinez told Reuters that the central bank’s SPEI interbank transfer system – similar to SWIFT used elsewhere in the world – was not (Read more...)