According to the police, S-Bank’s system had a security hole that ordinary citizens could take advantage of.
Almost a million euros were taken from S-bank’s customer accounts, the police suspect. OUTI LAKE
Two young people are suspected of a large-scale fraud in which almost a million euros were taken from Finns’ accounts.
It’s about a suspected data breach in S-Bank’s accounts. The police suspect that two young men took advantage of a vulnerability in the bank’s system and took a large amount of money from the customers’ accounts.
The 16- and 23-year-old men have been arrested on suspicion of, among other things, gross payment instrument fraud. They are the main suspects in the skein, whom the police believe orchestrated the whole thing. The two knew each other.
– Carefully estimating, a total of 7-8 people have been more or less involved in the matter, says the crime commissioner Klaus Geiger From the police of Western Uusimaa.
Other suspects have contributed to the crime, for example by using money.
Money for a “sweet life”
The police suspect that the imprisoned duo took a total of 940,000 euros from the accounts of S-Bank’s customers.
– There are indications that various loans have been taken out using bank IDs.
There is no certainty yet about the criminal benefit of possible loans, as the loans taken out become clear to the account owners only when the payments begin to fall due.
Different games have also been played with the money and profited from them. This is also counted as proceeds of crime.
Geiger believes that the criminal benefit will rise to more than one million euros.
According to the police, the suspects used the money they took for a “sweet life”. A very small part of the money has been recovered. The police are working to find out if there is any money left.
– There are indications that money has been put into bitcoins and special accounts. These are very challenging to figure out.
The police discovered a series of frauds
The series of frauds investigated by the police is apparently due to two factors. First of all, there was a vulnerability in S-Bank’s information system, which ordinary citizens began to take advantage of. In addition, there was chance when the suspects noticed the vulnerability.
So it’s not about any huge hacker group.
– But yes, some kind of information technology know-how and innovation have been required.
The works started at the beginning of May this year and ended at the end of July.
Right from the beginning, the police received crime reports from the victims, which were investigated. It was soon noticed that the acts do not seem like traditional fishing frauds, which are related to international crime.
– The method was exceptional compared to fishing fraud.
The police soon realized that it might be a series of frauds. At the same time, the police also contacted S-Bank about the matter.
Hundreds of thousands of euros left the account
According to the police’s information at the moment, there are 53 acts that have been committed, i.e. payment instrument fraud. In one case, almost half of the estimated criminal proceeds of the entire skein, i.e. more than 400,000 euros, were taken from a person’s account. The other amounts taken from the accounts ranged from thousands of euros to around one hundred thousand euros.
In addition to these, the police are investigating approximately 150 data breaches. These are about the fact that the suspects, for one reason or another, did not take money from the accounts, even though they got into the online bank.
– One reason could be that there was not enough money in the account. The act has remained at the level of the company.
Criminal titles in the police investigation include at least aggravated payment instrument fraud, aggravated money laundering and data breach.
The police are also investigating the bank’s responsibility. So far, the bank is not suspected of crimes.