Cyber Incident Victim: United Bank Limited
Date:
Apr 2022
Location:
Pakistan
Summary
Overseas cybercriminals conducted fraudulent financial transactions using compromised debit card data from a Pakistani financial institution, leading to unauthorized foreign currency transfers. The bank suspended international debit card transactions as a precaution and denied any systemic cyber-attack or data breach, attributing the incidents to customers inadvertently sharing sensitive information like PINs. Affected customers reported unauthorized withdrawals, primarily through MasterCard networks, with some detailing repeated failed transaction attempts even after card blocking. The institution committed to reimbursing customers not at fault under applicable banking and insurance regulations. This incident followed similar cyber-fraud events involving other major banks in the country, highlighting recurring vulnerabilities in digital payment systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late March or early April 2022, United Bank Limited (UBL) experienced a series of fraudulent financial transactions targeting customer debit cards, primarily those connected to MasterCard networks. Cyber criminals operating from overseas exploited compromised debit card data to conduct unauthorized transactions denominated in foreign currencies, predominantly US dollars. The bank detected multiple small-value fraudulent transactions across several accounts, with the illicit activity reportedly peaking the week prior to April 19. While UBL officials publicly denied any systemic cyber attack, data breach, or hacking incident, they acknowledged customer complaints about unauthorized transactions. The bank attributed most incidents to customers unintentionally disclosing PINs and passwords to third parties, though the exact method of initial data compromise remained unspecified in official statements.
UBL responded by suspending international transaction capabilities for nearly all customer debit cards as a precautionary measure, requiring customers to manually reactivate this service for internet banking use. The bank temporarily blocked compromised cards upon customer notification and initiated dispute resolution processes for fraudulent transactions. Affected customers, including individuals like Sohaib Irfan who reported unauthorized $65 deductions on April 19, were advised that reimbursements would follow banking and insurance regulations for non-negligent cases. Public frustration emerged on social media platforms, with customers criticizing delayed refunds and demanding immediate reversals of unauthorized transactions. The Federal Investigation Agency (FIA) became involved after receiving complaints initially referencing three private banks, though subsequent industry reports singled out UBL as the primary affected institution. The total financial impact and exact number of compromised accounts remained undisclosed, with the bank providing no details on whether customer data repositories or payment processing systems were directly targeted. This incident followed previous cyber crime events involving multiple Pakistani banks, including UBL itself, Habib Bank, National Bank of Pakistan, and BankIslami, though no explicit connection between these prior incidents and the 2022 fraud was established in available reports.