Authorities have identified “two or more” individuals behind the hack of BDO Unibank’s online security system which led to unauthorized fund transfers that affected about 700 depositors, a Bangko Sentral ng Pilipinas official said.
Director Melchor Plabasan of BSP’s Technology Risk and Innovation Supervision Department told One News’ The Chiefs Tuesday (December 14) that the suspects allegedly opened bank accounts online under the Aboitiz-owned UnionBank days before BDO’s online security system was hacked.
Plabasan said the Sy-owned lender and UnionBank are expected to file charges against the masterminds of the hacking incident.
“The real persons behind Mark Nagoyo have been identified, so I think BDO and the other institution, Union Bank, will definitely file charges if these persons allowed their accounts to be used for these fraudulent activities,” he said.
Plabasan said initial investigation results showed that the scam is not an inside job.
“So far, based on what we saw, individual account holders… I think they are not bank employees and they just opened their accounts recently. Some of them opened last October,” the BSP official said.
Funds stolen from affected BDO clients ranged from P30,000 to P50,000. They were transferred to Nagoyo’s UnionBank accounts in real time via Instapay.
BDO has blamed the security breach on a 10-year-old web service that was scheduled to be phased out next year.
The BSP is conducting an investigation to determine if there were lapses in BDO or UnionBank’s risk protocols.