Hackers could have stolen up to around 400 million pesos from Mexican banks in an April cyberattack that is still under investigation, according to preliminary estimates from the country's financial regulators, El Financiero reported.
Grupo Financiero Banorte SAB de CV is reportedly the only bank to have acknowledged the attack, which Banco de México, the country's central bank, identified in April. According to El Financiero, citing unnamed sources, Banorte's loss amounts to around 150 million pesos.
Meanwhile, the paper reported that Banco del Bajío SA Institución de Banca Múltiple's loss was around 160 million pesos, despite the bank having firmly denied May 14 that it suffered a cyberattack.
The remaining amounts were reportedly stolen from smaller lenders, but El Financiero did not publish their names. Bloomberg previously reported that Banco Nacional del Ejército Fuerza Aérea y Armada S. N. C. had also suffered losses in the attack.
Central bank head Alejandro Díaz de León reportedly said "all information we have points towards a cyberattack," according to Reforma, marking Banxico's first acknowledgement of the event.
Meanwhile, Banxico announced it is creating a new Cybersecurity Directorate to develop a strategy to protect its systems and information in the future.
According to the central bank, five financial institutions whose connections to its payment system, known as SPEI, were compromised. Through the exposure, money was illegally siphoned from "fake accounts" at the financial institutions and triggered several huge cash withdrawals from other banks, Banxico has said.
Through the SPEI, the central bank provides a private, encrypted network in which users can electronically transfer money between deposit accounts. The SPEI itself was not compromised and the issue was observed through an internet application used by financial institutions to connect to the system, according to earlier reports.
As of May 14, US$1 was equivalent to 19.54 Mexican pesos.