The hackers were able to access UCPB’s core system in the middle of an online security upgrade.
“UCPB is investigating the incident in close coordination with the NBI and other concerned authorities. Pending completion of the investigation which started mid-June, the bank continues to review and strengthen its IT and security controls,” the bank said in a statement sent to Bilyonaryo.
“The bank would like to assure its stakeholders that clients’ funds were not affected by the incident,” UCPB said, noting that it remains to be a strong and profitable institution with a net income of P2.9 billion in the first half.
UCPB’s Corporate Services and Security Group sought the help of the National Bureau of Investigation Cybercrime Division after hackers reportedly managed to inject malware or computer virus that allowed them to see how the bank processed, sent and received cash online.
The NBI identified several suspects during the initial investigation, including two Nigerian nationals. One of them successfully withdrew more than P4.4 million in one day from various ATM terminals.
Bank records showed that the Nigerian national opened the account on May 31, 2020 with an initial deposit of P2,000.
Apart from ATM withdrawals, the suspects were also able to perform bank transfers with the cash withdrawn immediately by the suspects.