A cyber attack on Bank of Valletta on Wednesday involved the creation of false international payments that saw €13 million transferred to banks in four countries, Prime Minister Joseph Muscat told parliament.
“That money did not come from the people’s money and the amounts have been traced and are being reversed,” Dr Muscat said in a statement.
He said that at a meeting with the bank’s management he had been given an account of developments through the day and assured that depositors’ accounts were safe.
The attack was detected soon after the start of business on Wednesday during reconciliation of international transactions when discrepancies in eleven payments were noticed.
Shortly after, the bank was informed by the Security Service that it had received information that the bank had been the target of a cyber attack originating abroad.
Within half an hour the bank stopped international payments made to four countries - the UK, the US, the Czech Republic and Hong Kong.
The bank asked its correspondent banks to stop payments and reverse payments which may have already been made.
In order to minimise risk and review its systems, the bank then suspended operations.
The National Cyber Security Committee was informed and its experts were called to assist in investigations.
Bank's systems robust
Replying to various questions by Opposition leader Adrian Delia, Dr Muscat said he had made his statement as prime minister and in view of the bank’s importance to the economy and not because the government was a shareholder.
Dr Muscat said that the fact that the bank had detected the attack even before it was informed internationally, and it shut down within 30 minutes, showed the robustness of its systems. This had been a major and complex operation which was executed quickly once the bank noticed the discrepancies in international payments.
Read: Six times cyber crime targeted banks in 2018
The bank, he said, accounted half of Malta’s bank transactions. The fact that it had been closed for a day had an impact on the economy. It also caused problems not just locally but also abroad for credit card holders who needed to make payments, such as to hotels.
Alternative arrangements are being made with card companies to help such people, the Prime Minister said.
Alternative arrangements for cardholders abroad and social security payments
Furthermore, he said, 12,000 people also needed to receive social security payments through direct credit to Bank of Valletta accounts on Thursday.
Contingency planning was being made by the Central Bank, which would issue its own cheques if necessary.
Dr Muscat said Bank of Valletta was also considering ways how it could resume operations gradually.
The starting point, was that people’s money was safe. No one had lost anything.
What needed to be ensured was that when the system was turned back on, it was ‘clean’ and this problem did not re-appear. Experts needed to be sure that the attack was not dormant and may reappear.
A balance therefore had to be struck between haste to resume business and making sure all was well.
The bank was carrying out an internal review to establish where the attack originated from. Had protocols been broken? Was this a phishing attack? Had all procedures been followed? Was the attack so sophisticated it could overcome procedures?
Dr Muscat said the false transactions had been traced to the countries and banks to which the funds had been sent, some in sterling and some in dollars and the funds were being recovered.
Police investigations are under way and a Magisterial inquiry has been launched.