Only a small part of the Bank of Valletta (BOV) system was attacked on Wednesday but a total shutdown was necessary as a precautionary measure, the bank’s Chief Officer Business Development Investments Kenneth Farrugia told The Malta Independent.

On Wednesday morning BOV was compelled to shut down its operations after one of the bank's systems fell victim to a hacking attempt. Addressing Parliament on Wednesday afternoon, Prime Minister Joseph Muscat explained that the hackers falsified various transactions which transferred a total of €13 million to four different countries in euros, American dollars, and sterling.

The bank resumed its operations on Thursday morning following rigorous overnight testing of the bank’s IT systems which were successful, the bank said in a statement Thursday.

In comments to The Malta Independent, Farrugia explained that on Wednesday, “during routine reconciliations that the bank carries out every morning it noticed that there were discrepancies in eleven payments having a total value of around €13 million emanating from the bank’s foreign payment accounts. We immediately realised that the bank had been breached.”

Farrugia insisted that “one needs to point out that the bank decided to shut down the whole system for security reasons, not because the whole bank system was under a cyber attack. It was only a small part of the system that was hacked but the bank decided to shut down the rest of its operations. Precaution was needed and that is why we switched everything off. This caused disruption but we are happy that we managed to come back in operation after a few hours.  After we switched off our systems we made sure that the customers’ service centre was given more resources so as to deal with queries that our clients had.”

He said that no ATMs, cards, data of clients and companies, internet and phone banking and other systems were infiltrated. In fact a number of these systems such as ATMs, were functioning again at around midnight. He added that the only service that is not yet available is payments to international third parties not within the Single European Payments Area; however “our intention is to re-activate this shortly.  All other international payments in Euro within the SEPA region are being processed normally.  ”.

Asked what the ultimate goal of the cyber attack was, Farrugia said that, “cyber attacks are traditionally after either illegitimate money transfer or data or both. Evidently, the motivation behind this cyber attack indicated that money was the key motivator”

Farrugia said that on Thursday morning, before the bank opened its branches around the island, branch management were briefed on the state of play at 630am

Asked if the attack was the work of a local or foreign hacker/s, Farrugia said that so far they cannot say, explaining that hackers can mask their location, making it appear that the attack is coming from a different county. IT bank experts, together with a local and foreign police cyber-crime unit, are investigating. A magisterial inquiry has also been launched.

Asked whether such an incident means that the bank can easily be hacked, Farrugia said that the  bank’s security system is continuously updated and rigorously tested on an ongoing basis.

Nonetheless, one must keep in mind that cyber attackers are constantly trying to penetrate financial  systems.

“This is not an isolated case as banks and even private companies are constantly faced with cyber threats driven by hackers trying to penetrate their systems. On the security front, the bank has an ongoing program of reviews and updates to its security systems and equally has in place a highly rigorous testing program. 

Despite the significant investment undertaken by banks in the security space, no bank in the world will give a guarantee that it has a watertight cyber-attack free system. This in view that cyber hackers continuously refine their hacking skills and attack techniques.

Going forward, together with its specialist security consultants, the bank is currently conducting a detailed investigation on the breach, actively working to fully reinstate its international payment system, and equally following up on the recall of the illegal transactions.