Idris Dayo Mustapha, 33, has pleaded guilty in a New York court for participating in bank hacking spanning over seven years. The scheme involved hacking into the servers of banks and brokerages, leading to customer losses exceeding $6 million.
Mustapha, born in Lagos, was apprehended in the UK in August 2021 and extradited to the U.S. the same year. His sentencing is scheduled for April 3, 2024, with a potential maximum sentence of 20 years. The accused and associates allegedly used phishing and other methods to acquire usernames and passwords from January 2011 to March 2018.
The cybercriminals moved funds and securities from victims’ accounts, executing unauthorized stock transactions and conducting profitable trades in compromised accounts. The legal case is identified as U.S. v. Mustapha, filed in the U.S. District Court, Eastern District of New York.
Cybersecurity Concerns for Banks
The Federal Reserve Bank of New York highlights the high risk of spillover effects from cyberattacks due to the interconnected nature of the banking system.
A cyberattack on any of the five most active U.S. banks could affect 38% of the network. Experts warn of susceptibility to state-sponsored cyberattacks from countries like Russia, China, and North Korea.
Impact of Bank Hacking on Banks and Customers
While consumers are relatively protected from routine cyberattacks, business accounts have fewer protections. U.S. law requires banks to refund money taken from customers’ accounts without authorization if reported within 60 days. Cyberattacks affect banks through monetary loss, increased cybersecurity costs, decreased customer trust, and operational disruptions.
Losses from cyberattacks average $5.97 million per breach for financial organizations, according to a 2022 IBM Cost of a Data Breach Report. Ransomware, phishing, trojans, and spoofing are common threats against banks. The escalating threat of cyberattacks raises concerns about the solvency of major banks in the long run.