No financial losses from UCPB cyberheist – BSP

Published September 3, 2020, 1:26 PM

by Lee C. Chipongian

Bangko Sentral ng Pilipinas (BSP) Governor Benjamin E. Diokno has assured depositors of United Coconut Planters Bank (UCPB) that BSP is working with the bank to get to the bottom of the reported cybersecurity breach and that accounts were unaffected.

 “Initial investigation results also indicate no financial losses or damages were incurred by UCPB accountholders in this particular incident,” said Diokno on Thursday.

 Diokno said the BSP has been informed of the incident as soon as it happened since banks have to report to the BSP any cyber-related crimes within two hours from its detection. UCPB said the cybersecurity issues were reported in June this year.

 The central bank is “well-aware of the reported UCPB incident and has been in close coordination with the bank since the early part of its investigation,” he said. “UCPB is undertaking the necessary remedial measures to heighten cybersecurity, including collaborating with the NBI (National Bureau of Investigation) for the investigation and eventual prosecution of the suspected criminals.”

 Diokno added: “We remain steadfast in fully resolving the matter as we work closely with the bank and relevant law enforcement agency. Rest assured, in pursuit of our cybersecurity agenda, we continue to collaborate and engage the BSP Supervised Financial Institutions (BSFIs) to ensure the safety and integrity of the financial system as well as the protection of the financial consumers.”

 In the meantime, UCPB said they are beefing up cybersecurity after the incident and all its IT and security systems under critical review at the moment.

 “UCPB is investigating the incident in close coordination with the NBI and other concerned authorities. Pending completion of the investigation, the bank continues to review and strengthen its IT and security controls,” said UCPB in a statement.

 UCPB, which had a net income of P2.9 billion in the first six months of 2020, is also assuring its investors or stakeholders that “clients’ funds were not affected by the incident and that security measures have been implemented to avoid recurrence of the June incident.” 

The reported cyber attack on UCPB allegedly involved P167 million, based on a report by That report cited the NBI who apparently identified Nigerian nationals as culprit to the illegal cash transfers and withdrawals from the bank’s ATM terminals.