Taiwan's Far Eastern International fined T$8 million over SWIFT hacking incident

TAIPEI (Reuters) - Taiwan’s financial regulator said on Tuesday it had fined Far Eastern International Bank T$8 million ($266,524) due to deficiencies related to its SWIFT system hacking incident.

In October, Taiwan local media reported that hackers sought to steal some $60 million from Far Eastern Bank, and all but $500,000 had been recovered by the bank.

Also in October, a cyber-security firm BAE Systems Plc said that a North Korean hacking group was likely responsible for a recent cyber heist in Taiwan.

The financial regulator said that in early October, Far Eastern Bank discovered that its system was infected by a computer virus and that its SWIFT system was hacked, resulting in sham transactions that sent out funds.

According to Far Eastern Bank’s investigation, the bank lost about $60.1 million in funds, but subsequently recovered much of the amount, the Financial Supervisory Commission (FSC) said in its statement.

The final amount lost by Far Eastern Bank was up to $160,000, the regulator added.

Both the bank’s own stated views and the regulator’s investigation showed that in this bank’s case its information security defense system was not completely sound, account management was inappropriate, and that the bank had not strengthened its SWIFT safety system, the regulator said.

For the above reasons, and related ones, it said that Far Eastern Bank had not ensured its internal control system for information security and as a result violated a clause in Taiwan’s banking law.

Far Eastern Bank did not immediately respond to a request for comment.

Last month, SWIFT, the global messaging system used to move trillions of dollars each day, warned that the threat of digital heists is rising as hackers adopt increasingly sophisticated tools and techniques.

Taiwan’s financial regulator has already ordered Far Eastern Bank to raise the level of its information security unit, increase its number of information security personnel and strengthen its information security risk awareness system.

The regulator also said that it would work to improve its information security regulatory system, and invite the participation of outside experts.

Reporting By Emily Chan; Writing by Jess Macy Yu; Editing by Muralikumar Anantharaman