Banco de México, the country's central bank, said the resources of customers were not affected when hackers sucked around 300 million pesos in fraudulent transactions from five companies in the April cyberattacks.
In a May 16 statement, the central bank explained that the accounts of individual clients are situated in a different system which requires individual validations per operation, adding that clients' individual accounts "have not been the target of attacks."
Furthermore, the regulator said its electronic payment system, known as SPEI, was not directly attacked and remained safe, as an ongoing investigation into the fraudulent transactions would make sure every point of vulnerability had been closed. The SPEI provides a private, encrypted network in which users can electronically transfer money between deposit accounts.
According to a Reuters report, Banxico did not identify the companies, but central bank Governor Alejandro Díaz de León said that three banks, a broker, and a credit union, were on the list.
Through the exposure, which was only reported earlier in May, money was illegally siphoned from "fake accounts" at the financial institutions and triggered several huge cash withdrawals from other banks. Banxico earlier had estimated the total amount at around 400 million pesos.
Diaz de Leon reportedly said some of funds transferred had not been withdrawn and could still be recovered, Reuters reported.
Meanwhile, Lorenza Martínez, head of the SPEI at Banxico, is resigning this week from the central bank, but her departure was reportedly agreed before the cyberattack took place and was not related to the event as previously reported, according to El Financiero.
As of May 16, US$1 was equivalent to 19.73 Mexican pesos.