Budget airline Ryanair has admitted falling victim to an online cyber-incident recently which resulted in the transfer of nearly $5m out of one of its bank accounts.
Some €4.6m was removed from the account in question last week by an online transfer via a Chinese bank, according to the Irish Times.
“Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week. The airline has been working with its banks and the relevant authorities and understands that the funds, less than $5m, have now been frozen,” the company said in a statement.
“The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur. As this matter is subject to legal proceedings, no further comment will be made.”
The Criminal Assets Bureau in Dublin is apparently liaising with its Asian counterpart, the Korea-based Asset Recovery Interagency Network Asia Pacific, in an effort to locate and retrieve the funds.
The account which has been raided was used by Ryanair to buy fuel for its aircraft, according to the report.
It’s still unclear exactly how the fraudsters managed to hack the account. One theory would be via the use of a banking trojan such as Zeus.
Rob Norris, director of enterprise and cybersecurity at Fujitsu UK & Ireland, argued that businesses' growing reliance on digital services is exposing them to ever greater risk.
“Organizations can no longer afford to make mistakes in security and should look to make fraud [prevention] part of [their] security program,” he added in a statement.
“By communicating from the top down what cybersecurity means to its business, CSOs can help all employees to recognize their responsibility in ensuring the company is adequately prepared to manage threats. As well as this, CSOs should act as the ‘business enabler’ by making sure that the business runs as usual and everything is secure by default.”