Cyber Incident Victim: State Bank of Mauritius
Date: Oct 2018
Location: India
Summary
The State Bank of Mauritius faced a cyberattack targeting its Indian operations through fraudulent SWIFT payments, potentially resulting in significant financial losses. While initial estimates suggested a $14 million impact, recovery efforts reduced the effective loss to approximately $4 million, with assurances that no customer funds were affected. The incident, part of a series of similar breaches in India involving unauthorized SWIFT transactions, prompted internal and external investigations alongside a comprehensive cybersecurity review. The bank confirmed its operations would continue normally despite the attack, emphasizing ongoing recovery measures and collaboration with regulatory authorities to address the breach. This marked the third such cybersecurity incident affecting Indian banks within the year.
Description
On October 2, 2018, the Indian operations of State Bank of Mauritius (SBM) experienced a cyberattack involving fraudulent transactions through the SWIFT interbank messaging system. The bank’s parent company, SBM Holdings, publicly disclosed the incident the following day, warning of a potential financial loss amounting to $14 million (approximately Rs 100 crore). SBM initiated an internal investigation and reported the breach to relevant authorities for an external probe. The bank assured customers they would bear no losses from the incident.

This marked the third major cyber breach targeting Indian banks in 2018 and the second specifically exploiting the SWIFT system. Earlier that year, in February, City Union Bank suffered a $2 million loss through three unauthorized SWIFT transfers attributed to overseas hackers. In August, Pune-based Cosmos Bank lost Rs 94 crore after attackers compromised its servers. The bank distinguished this incident from the Punjab National Bank fraud case involving Rs 13,000 crore, which stemmed from employee collusion rather than external system infiltration.

SBM’s Indian operations—comprising four branches at the time—launched a comprehensive cybersecurity review following the attack, aligning with Reserve Bank of India mandates for enhanced fraud management frameworks. Concurrently, the bank pursued financial recovery efforts, publicly stating these could substantially reduce the initially projected $14 million loss. An anonymous source familiar with the situation claimed SBM had recovered approximately $10 million, potentially limiting net losses to $4 million, though the bank’s official communications did not confirm any recovery figures. Despite the breach, SBM maintained normal operations across its Indian branches and reaffirmed expansion plans under its newly acquired wholly owned subsidiary license, which included launching six additional branches. The incident occurred as SBM sought to strengthen its foothold in India, having operated there since 1994.
