Cyber-criminals stole about $12 million from an Ecuadorean bank in a 2015 heist that bears all the hallmarks of later attacks against Bangladesh's central bank and a small Vietnamese lender.
Banco del Austro SA said in a lawsuit filed in New York against Wells Fargo that hackers got access to the codes the bank uses to move money via Swift, the global interbank network, and used them to transfer funds from the U.S. bank. Though the attack happened more than 15 months ago, a Swift spokeswoman told Reuters that the firm had only just found out about it, suggesting banks have not been sharing details of such attacks with the cooperative.
Asked for comment, a Wells Fargo spokesperson offered the following statement: "With respect to the Banco del Austro case, Wells Fargo properly processed the wire instructions received via authenticated SWIFT messages and Wells Fargo's computer systems were not compromised in any way. Wells Fargo is not responsible for the losses suffered by Banco del Austro and intends to vigorously defend the lawsuit. Wells Fargo continually assesses our SWIFT platform and monitors systems searching for potential threats and takes action as warranted through updates to our security tools and practices."
Vietnam's Tien Phong Commercial Joint Stock Bank, known as TPBank, informed the country's regulators this week that it had fended off a fraudulent transfer request late last year for more than 1 million euros ($1.1 million) that came through a third-party service that the bank used to connect to the Swift system. In February, Bangladesh lost $81 million after its central bank was infected with malware. The hacks have sparked concerns within global banks, some of which are privately pressing Swift to shore up security at its 11,000 members.
"We specifically remind all users to respect their obligations to immediately inform Swift of any suspected fraudulent use of their institution's Swift connectivity," the firm said Friday in a statement. "We are currently working to further reinforce our support to customers in securing their access to the Swift network."
Details of the lawsuit were previously reported by Reuters.
Penny Crosman of American Banker contributed to this article.