Brazen thieves stole at least R90 million in Sassa grants at the SA Post Office’s PostBank, distributed them to various accounts before withdrawing the loot as quickly as possible at ATMs last year.
According to an amaBhungane report, the crime had been kept under wraps by PostBank.
The hack was accidentally recovered by a call-centre operator who noticed that a grant beneficiary had a balance of around R100 000 in their Sassa account.
The criminals are suspected to be Postbank employees or its contractor.
The report alleges that the thieves covered their tracks by creating “malicious and unauthorised” user accounts with privileged access to PostBank.
“These were used to erase audit trails until discovered and disabled by Postbank on 4 November,” according to a report by Ankura Consulting Group, hired to analysed the security breach.
ALSO READ: Post Office in the red and commercially insolvent
Another report produced in December by Maartens focusing on risk management, showed that 279 accounts were used to fraudulently withdraw the funds.
“This modus operandi included only ATM transactions as the perpetrators tried to withdraw the funds as quick as possible. The loss could not be determined with 100% accuracy and final numbers are not fully verified yet.
“The number is not expected to change materially and the loss amounts to R 89,459,330. It is clear from the above that the exploitation of a substandard IT environment by attackers lead to a major loss,” read Maartens report.
The investigators detailed in an internal report that authorities such as the Department of Social Development, the SA Reserve Bank (SARB) were informed about the theft, and that a PRECCA report, in terms of the Prevention and Combating of Corrupt Activities Act guidelines was filed, as required for losses over R100 00.
However, both the department and SARB told amaBhungane they received no correspondence from PostBank about the hack and theft.
In its comment to the publication, Postbank confirmed the theft but reiterated that the money was not stolen from customers but rather from the bank itself.
“Postbank wishes not to provide too much information about the modus operandi of the cybercrime fraud incident in order to protect the sensitive processes of the investigation that is currently underway,” Postbank acting chief executive Kevin Maartens told the publication.
The criminals used cloned cards to withdraw the cash.
NOW READ: Post Office branches closed due to financial troubles
Download our app and read this and other great stories on the move. Available for Android and iOS.