Nigerian bank falls victim to $40 million insider cyber-heist

Nigerian bank falls victim to $40 million insider cyber-heist

Nigerian police are on the hunt for an IT staffer at Skye Bank who hacked into the bank's systems and transferred $40 million to a raft of bogus accounts before going on the run.

Thirty-eight year old Isoko resident Godswill Oyegwa Uyoyou is alleged to have conspired with a criminal gang to access the bank's computer system and inflate the balances of various accounts.

Uyoyou, who worked in the information and communication technology department of Skye Bank, allegedly provided the gang with physical access to the bank's computer servers under the pretext of carrying out weekend maintenance.

The gang were in the process of withdrawing the cash when the heist was rumbled. So far, no arrests have been made and the bank has yet to issue any statement as to how much cash was lost to the fraud.

The country's Economic and Financial Crimes Commission has issued a warrant for Uyoyou's arrest after a raid on his stated address drew a blank.

Comments: (3)

A Finextra member
A Finextra member 16 September, 2014, 05:39Be the first to give this comment the thumbs up 0 likes

Addressing the aspect of people risk is the only way an organisation can improve the way their people respond to a situation of risk and the effectiveness of their risk management function.

Risk Culture Building is the process of growth and continuous improvement in the way each and every person in an organisation will respond to a given situation of risk as to mitigate, control and optimize that risk to the benefit of the organisation.

Those who are not good at Risk Culture Building, or do nothing, will be exploited by those who are better and have an effective Risk Culture

Read more about Risk Culture Building here:


A Finextra member
A Finextra member 16 September, 2014, 10:44Be the first to give this comment the thumbs up 0 likes

The age old problem of theft! Regardless of the platform, channel, technology, etc it is inevitable that theft, or attempts at it, will occur. Wherever there's percieved opportunity / 'reward' there will be crime. This is human nature I'm afraid. So to my mind there are a few things we need to continually improve on: 1. Minimize the opportunty e.g. via granular authorization (increased difficulty) for access to sensitive systems; 2. Improve crime detection and offender capture rate (improve policing); 3. Increase the risk element of the crime via stern custodial sentences (judicial participation). Lastly, we mustn't celebrate such crimes or dismiss them as being harmless (social participation) - it is socially unacceptable to defraud fellow citizens and instuitutions. The propensity for such crimes will always be there, our aim has to be to minimize their attractiveness and success rate.   

A Finextra member
A Finextra member 23 September, 2014, 00:08Be the first to give this comment the thumbs up 0 likes

I am not surprised. As the COO of a consulting company focussed on preventing exploits and threats of this type in the banking industry, many of the risk managers, executive managers and info security managers I have met in Nigeria are extremely naive, unaware of the real risks and not focussed on fraud prevention. Many just implement solutions primarily aimed at meeting regulatory compliance and not implementing any multi-layer approach to security. There is total lack of accountability as no one is ever fired for these heists. The responsible risk managers just blame it on the software, the vendor, anybody but themselves. This is TOTAL FAILURE OF CONTROL and the responsible people starting from executive management should be penalized and possibly fired.