A software vulnerability could have been used to siphon over $15 million from Mexican banks

(Getty Images)


Written by

Over $15 million was stolen from Mexican banks this month by thieves who created fake money orders and phony accounts to withdraw funds from dozens of branches, according to media reports. 

The criminals sent hundreds of fake money orders to move hundreds of thousands of pesos between at least five of Mexico’s biggest banks, whereafter accomplices quickly withdrew cash, Reuters reports. 

A vulnerability in software that was used to connect payment systems between the banks is thought to have been exploited by the thieves, allowing them to create the fake orders, Lorenza Martinez, head of operations for Mexico’s central bank told Reuters. 

Though initial estimates said that 300 million pesos ($15.2 million) had been stolen, other estimates have the amount closer to 400 million pesos ($20.3 million). 

“There’s no evidence that would allow us to say with certainty that this is over,” said Mexico’s central bank Governor Alejandro Diaz de Leon in a press conference Monday, “We’re taking corrective and mitigating action.” He added that the central bank is still investigating. 

Diaz de Leon later said in a radio interview that the evidence so far pointed to a cyberattack.

The central bank said in a statement that no clients have been affected by the theft. 

-In this Story-

Mexico, Reuters, theft, vulnerabilities