SHIMLA, May 18 — In a major cybercrime incident, the Himachal Pradesh State Cooperative Bank has reported a loss of ₹11.55 crore after cyber fraudsters infiltrated its system through the compromised mobile phone of a customer.
According to officials, the breach originated from the Halti branch in Chamba district. Hackers first gained access to the customer’s mobile banking app, and from there infiltrated Himpesa, the bank’s mobile banking platform. Using the compromised access, they executed a series of unauthorized National Electronic Funds Transfer (NEFT) and Real-Time Gross Settlement (RTGS) transactions.
The fraudulent transactions, which took place on May 11 and 12, went undetected initially due to a gap in transaction monitoring caused by public holidays. The bank reportedly only discovered the breach on May 14 after receiving the transaction report from the Reserve Bank of India (RBI).
Upon discovery, the bank immediately lodged a complaint at the Sadar Police Station in Shimla. The case was subsequently handed over to the Cyber Police Station for a detailed investigation.
Deputy Inspector General (Cybercrime) Mohit Chawla confirmed the breach and said a probe was underway. “A team from the Indian Computer Emergency Response Team (CERT-In) is en route from New Delhi to assist with the technical investigation,” he said. “We are working to determine exactly how the breach occurred within the Himpesa application.”
Chawla noted that CERT-In would deploy specialized tools to trace the hackers’ entry point and transaction pathways, with support from the state’s cyber commandos.
In total, the siphoned amount was routed to 20 different bank accounts, all of which are currently under scrutiny.
Bank officials have sought to reassure the public, stating that customer funds are safe and the illicitly transferred amounts have been frozen. “We have taken immediate action to secure the systems and are working to strengthen cyber defenses,” a senior bank officer said.
The bank also reiterated its commitment to system upgrades and enhanced cybersecurity protocols to prevent such incidents in the future.
