“In the Mexican financial sector, specifically a Sociedad Financiera Popular (Sofipo) in 2024 had a computer breach in the transfer service that involved false transfers and loss of money,” the official explained.
Data from the Bank of Mexico (Banxico) show that the attack occurred last March and although it did not affect customers, the Sofipo suffered losses of 124.11 million pesos.
Three of the attacks resulted in information leaks from financial institutions, while one institution suffered information exposure on the Internet.
So far this year, there have also been two ATM breaches, two attacks on companies that provide services to financial institutions, and two more cases of credential theft.
Lima Gomez explained that attacks or attacks occur every day hacksbut only these 15 managed to affect the institutions, which end up paying the consequences.
“In 2022, a bank and a brokerage firm had a computer breach in the transfer service: they basically hacked the systems and generated fake transfers,” the official explained.
The CNBV stressed that information leaks are recurrent in entities and the main causes are the lack of controls and awareness on the part of employees.
They also occur due to a lack of perimeter prevention tools for the infrastructure or a lack of system updates.
The Commission expressed concern that not all entities that suffer a cyber attack report it to the authorities.
“Several entities are required to report (incidents) and some are not required to report them. Unfortunately, it is common for them not to do so, valuing their reputational risk more than the operational and financial risk they could run,” he said.