By Beting Laygo Dolor, Contributing Editor
The Philippine banking industry was shocked last week following reports that the United Coconut Planters Bank (UCPB) was victimized by Nigerian hackers resulting in a loss of PHP167 million (US$3.34 million).
The state-owned bank said it was working with authorities to trace how the cybercrime succeeded.
The Bangko Sentral ng Pilipinas (BSP, the Philippines’ central banking authority) said the National Bureau of Investigation (NBI, the country’s counterpart of the FBI) was taking the lead in the investigation.
BSP Gov. Benjamin Diokno said, “the BSP is well aware of the reported UCPB incident and has been in close coordination with the bank since the early part of its investigation.”
A UCPB insider said the hackers were able to defraud the bank through malware that allowed them to remotely access functions. This allowed the hackers to send and receive cash online.
The hackers reportedly opened 13 bank accounts in UCPB last May, at the height of the government-imposed lockdown of Metro Manila and the main island of Luzon. They then carried out their cybercrime one month later.
A team of auditors from the Land Bank of the Philippines – also a state-owned bank – and the Philippine Deposit Insurance Corporation (PDIC) was ordered to conduct a thorough examination of the inner workings of UCPB last week after the government’s economic managers learned of the successful hacking, which reportedly occurred during the long weekend of June 12, the Philippines’ Independence Day.
The team was eyeing the possibility that bank insiders may have had a role in the crime.
After the hackers juggled funds from various UCPB accounts, they then withdrew the funds from various automated teller machines. The large-scale theft took place last June, when UCPB was implementing a security upgrade.
In a statement, UCPB said it was assuring its stakeholders that “clients’ funds were not affected by the incident and that security measures have been implemented to avoid recurrence of the June incident.”
The statement also said that the bank “remains to be a strong and profitable institution, registering a net income of PHP2.9 billion (US$58 million) for the first half of 2020.”
The BSP sought to alleviate the banking community as well as the public’s fears that the cybercrime could be repeated with other banks.
The BSP said UCPB’s clients were not hurt by the multi-million peso theft. “Initial investigation results also indicate no financial losses or damages were incurred by UCPB account holders in this particular incident,” said the BSP.
The Central Bank added: “Rest assured, in pursuit of our cybersecurity agenda, we continue to collaborate and engage BSP supervised financial institutions to ensure the safety and integrity of the financial system as well as the protection of the financial consumers.”
For his part, Finance Sec. Carlos Dominguez III said, “No stone will be left unturned as we investigate this incident and as we strengthen all components of our security systems.”
He added that the government would see to it that the perpetrators “are caught, tried and punished to the fullest extent of the law.”
It was only last June that UCPB appointed a new president in the person of Liduvino Geron, formerly of Land Bank. Geron’s appointment was reportedly the direct result of the heist.
UCPB was once one of the country’s leading commercial banks but became mired in bad loans and weak management in the early 2000s.
By 2008, the bank was forced to seek liquidity assistance from the PDIC to the tune of PHP20 billion. Due to UCPB’s inability to repay the loan, it was instead converted to equity thereby giving the government a 97 percent stake in the bank.