Cyber Incident Victim: Akbank
Date:
Dec 2016
Location:
Turkey
Summary
A Turkish financial institution was targeted by hackers through the SWIFT global payment network, though no customer data was compromised. The bank confirmed immediate implementation of preventive measures and coordination with authorities, maintaining normal system operations throughout the incident. While the attack's direct financial impact remained unclear, the organization disclosed a maximum potential exposure of $4 million, with any losses covered by existing insurance policies. This event occurred amid heightened global concerns about systemic vulnerabilities in international banking infrastructure following similar high-profile SWIFT-related breaches. The messaging network operator stated no evidence of compromise to its core services during this incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 8, 2016, Turkey’s Akbank, the country’s third-largest listed bank by assets, was targeted in a cyber attack exploiting the SWIFT global money transfer system. Hackers attempted to initiate fraudulent transactions through the bank’s SWIFT interface, mirroring tactics observed in the February 2016 Bangladesh Bank heist where $81 million was stolen. Akbank confirmed the incident in a public statement on December 8, clarifying that no customer data was compromised and that its core systems remained operational throughout the attack. The bank immediately implemented preventive security measures upon detection and notified relevant authorities, though it withheld specific technical details about the attackers’ entry vector or the exact nature of the fraudulent activity. While the bank did not disclose whether any funds were successfully stolen, it estimated the maximum financial exposure at $4 million, emphasizing that this amount would be fully covered by existing insurance policies. Akbank assured stakeholders that the incident would not impact its operational capabilities or financial standing.
The attack underscored systemic vulnerabilities in the SWIFT network, which facilitates trillions of dollars in daily cross-border transactions. SWIFT, a Belgium-based cooperative, responded by asserting there was "no indication" its core messaging services or network infrastructure had been breached, implying the compromise originated from Akbank’s local SWIFT interface—a pattern consistent with prior attacks involving credential theft or insider collusion. The incident occurred amid heightened global scrutiny of SWIFT’s security following the Bangladesh Bank heist, which revealed how attackers could manipulate payment instructions to drain correspondent accounts. Akbank’s shares declined 1.1% to 7.87 lira on the day of the disclosure, slightly underperforming the broader Istanbul banking index, which fell 0.7%. No further operational disruptions, customer losses, or regulatory penalties were reported following the bank’s containment efforts.