Philippine Bank Chaos as Money Goes Missing From Accounts
7.6.2017 securityweek CyberCrime
A major Philippine bank shut down online transactions and cash machines on Wednesday after money went missing from accounts, triggering fears it had been hacked even as company officials said it was an internal computer error.
Customers of Bank of the Philippine Islands (BPI) were shocked on Wednesday morning to see unauthorized withdrawals and deposits from their accounts.
BPI said in a statement the problem was caused by an "internal data processing error" that had been identified.
But it had to close its automatic teller machines (ATMs) and told its eight million customers they could not do online transactions on Wednesday as the bank scrambled to fix the problem.
"Please do not panic... we will make sure that your money is there," BPI senior vice president Cathy Santamaria said at a news conference as social media lit up with complaints from customers about missing money and inconvenience.
Efforts to fix the problem were "progressing well" and the glitch was expected to be resolved within the day, the bank added in a statement, although it did not explain why the glitch occurred.
There has been global concern about hacking following the world's biggest ransomware attack last month that struck hundreds of thousands of computers worldwide.
Nestor Espenilla, the incoming governor of the Bangko Sentral ng Pilipinas, the country's central bank, said they had accepted "for now" BPI's explanation that no hacking was involved, but would still conduct its own probe.
"We have no reason to believe otherwise at this point of time, but as I said this is standard operating procedure, we always verify every incident that we are aware of," Espenilla said in a radio interview.
"For now I think it's important that BPI resolves it as quickly as possible. We take their assurance that this is not a hack and no money will be lost."
- 'Lost confidence' -
The bank said the error had led to some transactions between April 27 and May 2 to be "double posted" from Tuesday.
Santamaria said she did not know how many of the 166-year-old bank's customers were affected by the glitch.
She assured customers they had not lost money and their account balances would be fixed once the glitch was fixed.
But customers were unhappy and confused.
Yumi Sanpei-Angeles, 29, who had 15,500 pesos ($313) withdrawn from her account, told AFP she was considering switching banks, with her frustration at missing money compounded by not being able to check her account online.
"I've lost confidence in BPI's system," said Sanpei-Angeles, a corporate brand specialist, adding other people had been inconvenienced more than her.
"We have friends who needed the money today to pay for tuition. Another friend is travelling and cannot withdraw money via ATM. Such a huge hassle for customers because of the company's negligence."
Marjorie del Rosario, 27, said her two accounts with BPI were affected -- one had a negative balance because of an unauthorised withdrawal and the other had 40 pesos (80 cents) added.
"Almost all of us in our office were affected, from hundreds to six-digit figures lost from our accounts," she told AFP.
Other customers vented their frustrations through social media.
"I had 3 unauthorize atm withdrawals! What the heck! I don't have any money left on my Personal acct!!" a customer named Belle tweeted.
A user called wild flower wrote: "I lost my money... I only have 15 pesos (30 US cents) left on my pocket. How can I go home? Fix it please."
BPI's Santamaria was also forced to warn clients against posting personal bank account information online, noting that some had posted their private data on Facebook apparently to show what had happened.
"Please be vigilant. You also have a role to play in your personal safety," she said.
She also appealed for honesty from clients whose accounts had funds deposited.