Cyber Incident Victim: Bank of Valletta
Date:
Feb 2019
Location:
Malta
Summary
A cyber attack targeted a major Maltese financial institution, involving unauthorized international fund transfers totaling 13 million euros to banks in four countries. The breach was detected through transaction discrepancies, prompting a complete operational shutdown—including branch closures, ATM deactivation, and website suspension—to mitigate risks and review systems. While depositor funds remained unaffected, the disruption impacted the national economy and caused difficulties for overseas credit card transactions. The fraudulent transfers were traced, with recovery efforts initiated to reverse them. The institution conducted an internal investigation to determine the attack's origin and methods while planning gradual service restoration with enhanced security measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 13, 2019, Bank of Valletta—responsible for nearly half of Malta’s banking transactions—experienced a cyber attack that forced a complete operational shutdown. Hackers infiltrated the bank’s systems and initiated fraudulent international transfers totaling €13 million ($14.7 million) to recipient banks in the United Kingdom, United States, Czech Republic, and Hong Kong. The attack was detected early that Wednesday during routine reconciliation checks, when discrepancies in international transactions were identified. Shortly afterward, Maltese state security services alerted the bank to foreign intelligence indicating it had been targeted. To contain the breach and assess system integrity, Bank of Valletta suspended all services: branches across Malta were closed, ATMs deactivated, and its website taken offline. Prime Minister Joseph Muscat confirmed to parliament that depositors’ funds remained untouched, emphasizing that the fraudulent transfers did not originate from customer accounts. The bank traced the illicit transactions and began efforts to reverse them through correspondent banking channels.
The shutdown disrupted Malta’s economy due to the bank’s market dominance and caused immediate challenges for international credit card holders, particularly those needing to make time-sensitive payments like hotel bookings. The government coordinated with credit card providers to establish alternative payment arrangements for affected customers. Bank of Valletta assured clients via public statements that accounts and funds were uncompromised while working to restore services incrementally, prioritizing security reviews to prevent recurrence. An internal forensic investigation was launched to determine the attack’s origin and methodology. Though Maltese banks had previously reported cyber intrusions, this marked the first instance where a financial institution halted all operations in response. The incident underscored systemic vulnerabilities without compromising customer assets, as recovery efforts focused on transaction reversal and phased reactivation of banking infrastructure.