The global cyber scourge continues— Hong Kong Monetary Authority alerts banks on recent cyber security incidents

On May 24, 2019, the Hong Kong Monetary Authority (HKMA) issued an alert regarding eight cyber security incidents involving a total sum of HK$70,000 (Alert). While not necessarily a lot of money, it is a timely reminder to banks and the public to stay vigilant across global operations, and to maintain an up-to-date global regulatory strategy.


From the Alert, three banks reported eight cases of unauthorised payment transactions of a total of HK$70,000 over a period of three weeks. It is suspected that the cyber criminals have stolen the customers’ internet banking login passwords to perform the transactions.

Upon the initiation of the payment transactions by the criminals, the relevant banks sent notifications to customers as required by the HKMA’s regulations. After receiving the notifications, the customers contacted their bank to report suspected unauthorized access. The affected banks and customers have reported the cases to the Police. Some of the customers have already been compensated by the relevant banks while others’ cases were still being processed.

We will discuss below three observations:

  • banks’ reporting obligations;
  • two factor authentication (2FA); and
  • customer compensation.

Learn more.


Back to top