MANILA, Philippines—The Bangko Sentral ng Pilipinas (BSP) has formed a task force to investigate the spate of fraudulent online transactions that affected what BDO Unibank said were “close to 700” of its clients last weekend.
At a press briefing, BSP Governor Benjamin Diokno said he instructed the task force to submit a report to him within 30 days covering the extent of the cyber attack, recommendations to prevent reoccurrence and remedial measures.
“We are forming a task force composed of cyber and anti-money laundering specialists and legal officers to determine the root causes and possible lapses in this incident,” the central bank chief said.
The task force will be composed of Deputy Governor Chuchi Fonacier, who is in charge of financial supervision, Technology Risk and Innovation Supervision director Mel Plabasan, the central bank’s legal officers and the Anti-Money Laundering Council.
“Guided by relevant laws and regulations, penalties or sanctions may be imposed depending on the results of the examination,” he added.
Last weekend, BDO reported that some clients were hit by a “sophisticated fraud technique” perpetrated through its online banking platform.
The incident was reported late Saturday night by the Manila Bulletin.
“BDO confirmed in their statement that the incident emanated from their 10-year-old web service that is due for phaseout early next year,” Diokno said.
“We also know that some customers reported that they did not click on any links nor were they asked to supply sensitive information. So we are in close coordination with BDO and will update the public on this matter.”
The central bank chief said getting to the bottom of the incident will require “a complex cyber forensic investigation to determine actual number of affected customers and how much they have lost.”
Diokno said he has received assurances from BDO that affected customers shall be reimbursed for their losses.
“And we will make sure that this will happen as soon as possible,” he said, adding that the central bank will also investigate the incident to identify vulnerabilities and non-compliance with expectations in managing cyber and anti-money laundering risks.