When news of the cyber attack became public in January 2016, Bloomberg pointed out that if the damages amounted to the funds misappropriated this would be one of the biggest hacking losses by size.
Ultimately the loss was an initial outflow of liquid funds totaling Euro 52.8 million but the company confirmed recovery of Euro 10.9 million.
In the company's press release they acknowledged that their financial accounting department was the target of the cyber fraud. Prompting speculation that the company was likely the victim of a business email compromise (BEC) or CEO fraud, these sophisticated phishing attacks occur when cyber criminals send fake email messages from company CEOs, often when a CEO is known to be out of the office, asking company accountants to transfer funds to a supplier (in fact the funds go to an attacker's bank account). The company also disclosed that its IT infrastructure, data security, IP rights and the group’s operational business were not affected by the criminal activities.
Later the same year, in August 2016, a Chinese citizen was arrested in Hong Kong in connection with the fraud, the 32-year-old man was an authorised signatory of a Hong Kong-based firm that received around Euro 4 million annually from the company.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you: