News and resources on cyber and physical threats to banks and fintechs worldwide.
Ray-Ban manufacturer sues JPMorgan over $272 million cyber theft

Ray-Ban manufacturer sues JPMorgan over $272 million cyber theft

The French manufacturer of Ray-Ban glasses is suing JPMorgan for failing to stop suspicious transactions after cybercriminals looted $272 million from its New York account.

JPMorgan should have detected, reported and blocked suspicious payments that occurred in the last few months of 2019, Essilor said in a lawsuit filed in New York on Monday.

The criminals had recruited one of its employees in Thailand to make the fraudulent transactions, which resulted in regular monthly transfers jumping from $15 million to $100 million.

Essilor Manufacturing says JPMorgan ignored the numerous red flags that should have been raised from the unusual pattern of transactions. The French firm says the cash transfers were all made “in round dollar amounts (i.e., no cents), which was a dramatic departure from prior periods where round dollar transfers were relatively infrequent.”

Furthermore, the money was deposited in shell companies at regional banks in high-risk jurisdictions, says the firm.

Essilor says it has so far recovered all but $100 million of the looted cash.

JPMorgan has declined to comment.

In his annual letter to shareholders earlier this month, chief executive Jamie Dimon boasted about the bank's ability to “protect clients’ assets and clients’ money in movement. They also help customers — from protecting their data and minimizing fraud and cyber risk.”

Comments: (2)

Hitesh Thakkar
Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 27 April, 2022, 12:59Be the first to give this comment the thumbs up 0 likes

Essilor is right in pointing out JP Morgan's weakness in fraud and risk management that pointed correctly.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 28 April, 2022, 17:37Be the first to give this comment the thumbs up 0 likes

"suspicious payments that occurred in the last few months". 

Notice the plurals: payments and months.

So, $272M was lost not in a single transaction but over multiple payments spread over several months. Essilor, to whom the account belongs, somehow does not notice the suspicious nature of these payments but magically expects the bank to have done so.

Nice try Essilor. I hope the court not only throws out its lawsuit but also fines it for sleeping at the watch and failure to perform its fiduciary duty towards its shareholders.