When news of the cyber attack became public, Bloomberg pointed out that if the damages amounted to the funds misappropriated this would be one of the biggest hacking losses by size.
Ultimately the loss was an initial outflow of liquid funds totaling Euro 52.8 million but the company confirmed recovery of Euro 10.9 million.
In the company's press release they acknowledged that their financial accounting department was the target of the cyber fraud. Prompting speculation that the company was likely the victim of a business email compromise (BEC) or CEO fraud, these sophisticated phishing attacks occur when cyber criminals send fake email messages from company CEOs, often when a CEO is known to be out of the office, asking company accountants to transfer funds to a supplier (in fact the funds go to an attacker's bank account). The company also disclosed that its IT infrastructure, data security, IP rights and the group’s operational business were not affected by the criminal activities.
Later the same year, in August 2016, a Chinese citizen was arrested in Hong Kong in connection with the fraud, the 32-year-old man was an authorized signatory of a Hong Kong-based firm that received around Euro 4 million annually from the company.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.