Third bank admits its SWIFT payment systems were hacked in $12m cyber heist

Ecuadorian bank heist pre-dates Bangladesh Bank theft - SWIFT urges banks to share data on cyber attacks

A bank in South America has come forward to admit that it, too, has been subject to a cyber attack that compromised the security of its SWIFT inter-bank payment systems.

Ecuadorian bank Banco del Austro claims that it lost $12m in a cyber attack similar to the $951m attack against Bangladesh Bank perpetrated in February this year, and a foiled attack on Vietnam's Tien Phong Commercial Joint Stock Bank, better known as TPBank, which is believed to have been targeted in April.

However, the Banco del Austro attack occurred more than 15 months ago and therefore pre-dates the big attack on Bangladesh Bank by almost a year. This indicates that the use of targeted malware to compromise banks' international payment systems may be a bigger and more far-reaching issue than originally feared.

The news was disclosed in a lawsuit filed in New York by the South American bank against Wells Fargo, which handles international bank transfers on its behalf.

Separately SWIFT, the payments organisation that provides the infrastructure for inter-bank transfers, has urged banks to be more forward in sharing information about attempted cyber attacks.

"We specifically remind all users to respect their obligations to immediately inform Swift of any suspected fraudulent use of their institution's Swift connectivity," SWIFT said in a statement today. It continued: "We are currently working to further reinforce our support to customers in securing their access to the Swift network."

In the February 2016 attack against Bangladesh Bank - the country's central bank - the attack was stopped mid-way through after an elementary spelling error caused one of the fraudulent transactions to be questioned by one of the correspondent banks handling the transfer. Around $20m was recovered, but the thieves were still able to get away with $81m.