An overview of recent massive financial attacks:


7-Eleven shut down its payment app after hackers stole $500,000 from users

On Thursday, 7-Eleven Japan suspended a recently-launched mobile payments feature on its 7Pay app after a flaw allowed a third party to make bogus charges on hundreds of customer accounts. The Verge


Chilean banks hit by Redbanc cyber attack

Redbanc confirmed that he suffered a new cyber attack that affects 41,593 credit and debit cards from 13 banking and non-banking institutions. Cooperativa


Australians at risk of fraud as hackers attack Westpac's platform

"Experts say that with access to these details, fraud could be committed on a mass scale." Sydney Morning Herald


Losses from bank transfer scams 'spiralling out of control'

Around £354 million has been lost in the last year alone - most of it stolen from personal accounts. Evening Standard


GozNym cyber-crime gang which stole millions busted

"What is known as 'crime as a service' has been a growing feature in recent years, allowing organised crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime." BBC News


Amazon hit by 'extensive fraud'

Filings have revealed that Amazon suffered a fraud attack with hackers stealing funds for over six months in 2018. The 'extensive' fraud involved hackers breaking into roughly 100 merchant accounts and siphoning cash from loans or sales into their own accounts. Daily Mail


Top Wall Street CEOs keep saying their No. 1 fear is a cyberattack that'll take down the financial system

"The next crisis is going to come from a different place," Hunt said. Business Insider



a smaller series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here's how they did it. WIRED


Bank of Valletta goes dark

Bank of Valletta shut down all its operations on Wednesday morning. All of the bank’s functions - branches, ATMs, mobile banking and even email services - were suspended and its website taken offline. Times of Malta


Metro Bank hit by cyber attack used to empty customer accounts

Metro Bank has become the first major bank to be named as a victim of a new type of cyber attack targeting the codes sent via text messages to customers to verify transactions. The Telegraph


BankIslami lost $6m within 23 minutes in cyber attack

Foreign-based hackers had breached the security systems of several domestic banks and added that “large sums of money have been taken out from bank accounts”. Data of more than 8000 accounts of 10 banks were available for sale in dark web. Pakistan Today


Tesco Bank fined £16.4m over cyber attack

An investigation by the FCA found flaws had left account holders vulnerable and the bank's response was "too little, too late".

It is the first time the FCA has issued a fine for a cyber-related incident. Tesco Bank said that since the incident it had "significantly enhanced" security measures. Sky News


How a Cyber Attack Could Cause the Next Financial Crisis

But the next crisis might not come from a financial shock at all. The more likely culprit: a cyber attack that causes disruptions to financial services, especially payments systems, around the world. Harvard Business Review


Cosmos Bank loses US$13.5m in cyber attack

Cyber criminals hacked the systems of India’s Cosmos Bank and siphoned off nearly 944 million rupees (US$13.5 million, RM55.1 million) through simultaneous withdrawals across 28 countries over the weekend, the bank has told police. Malay Mail



The criminal operation has struck banks in more than 40 countries and has resulted in cumulative losses of over EUR 1 billion for the financial industry. The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist. Europol


City Union Bank CEO says suffered cyber hack via SWIFT system

The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Reuters

About the Timeline

The timeline is based on data compiled for the ACADEMY in addition to data provided by Belleron. Incidents that occurred after 2016 are based on data found in the media and on a monthly basis and are subsequently added to the timeline.

With respect to associating a specific date with an incident, which may be part of a longer financial attack, the dates for each event are either using the starting date/month of the incident, if known, or when the incident was first reported. For further questions about the method, please contact the team here.