A WAVE of unauthorized transactions hit Bank of the Philippine Islands, triggering fears of hacking even as company officials said Wednesday it was an internal computer error.
BPI customers on Wednesday were unable to access their accounts online after many shocked to see unauthorized withdrawals and deposits.
BPI said in a statement the problem was caused by an “internal data processing error” that had been identified.
Efforts to fix the problem were “progressing well” and the glitch was expected to be resolved within the day, the bank added in a new statement.
Online transactions remained suspended but bank branches were open, although transactions took much longer.
“We wish to assure all clients that the integrity of their transactions and account balances will be maintained,” it said.
In a briefing, BPI Senior Vice President Catherine Santamaria assured bank clients that no money would be lost, despite what appeared to be unauthorized transactions on their accounts.
“We would like to apologize for all the clients who were affected by the current situation,” she said.
“We realized there was an internal…system issue [and] we are now addressing it. We have put down all our electronic channels so that we can immediately address the situation.”
She denied rumors of hacking, saying BPI had “the highest security standards.”
“It’s a system data error. It looks like your account balances either went up or down but the money is in the bank,” Santamaria said.
Nestor Espenilla, the incoming governor of the Bangko Sentral ng Pilipinas, said they had accepted “for now” BPI’s explanation that no hacking was involved, but would still conduct its own probe.
“We have no reason to believe otherwise at this point of time, but as I said this is standard operating procedure, we always verify every incident that we are aware of,” Espenilla said in a radio interview.
“For now I think it’s important that BPI resolves it as quickly as possible. We take their assurance that this is not a hack and no money will be lost.”
The bank said the error had led to some transactions between April 27 and May 2 to be “double posted” starting on Tuesday.
Santamaria said that only a small portion of its clients was affected by the glitch and that most of them are in Metro Manila.
BPI had 7.9 million clients and P1.4 trillion in deposits as of the end of 2016, according to its annual report. The bank’s shareholders include Ayala Corp., the Roman Catholic Archbishop of Manila and Singapore’s GIC Private Ltd. It is the country’s fourth largest bank in terms of assets.
A statement issued by the bank reminded customers that their efforts to resolve the problem would not require them to submit any personal data to any party in e-mails or any third-party site, as a precaution against phishing.
The bank pinned its advisories to the top of its Twitter feed, which was inundated with posts from users seeking answers or complaining that their account balances or banking services had been affected.
One Twitter user, identified on her account as Mary Jane Nario, 22, said: “As of the moment, most of my workmates and I had a negative balance on our BPI payroll account. Is this a system problem?”
Some posts speculated that the bank had been targeted by hackers, a rumor denied by BPI president Cezar Consing in an interview with ABS-CBN News Channel.
A customer named Belle tweeted: “I had 3 unauthorize atm withdrawals! What the heck! I don’t have any money left on my Personal acct!!”
“They didn’t only take my savings, I am now in debt,” read a Tagalog post by iamEm-em on a BPI Twitter page.
A user called wild flower wrote: “I lost my money… I only have 15 pesos (30 US cents) left on my pocket. How can I go home? Fix it please.”
The world has been on edge about hacking incidents following the world’s biggest ransomware attack last month that struck hundreds of thousands of computers worldwide.
Pia Roman Tayag, head of BSP’s Financial Consumer Protection Department, said in a briefing that the regulator would conduct its own investigation into the BPI incident.
Tayag reminded the banking public to be very extra careful in sharing personal information online and to always know the balance in their accounts.
“You must always be vigilant when you post online. Social media has a lot of benefits. But if you post too much information, it could be detrimental to you,” Tayag said.
She said Bangko Sentral has issued several advisories in the past, reminding the public to always be vigilant and avoid sharing personal information online to avoid phishing scams. With AFP and Bloomberg