JOHOR BARU, April 5 — A company in Batu Pahat lost RM1.9 million via unauthorised transfers after the company's payment account system was “hacked” by unknown parties, police said today.
Johor police chief Datuk Kamarul Zaman Mamat said following the incident, the company’s accountant reported the incident to the police contingent headquarters here on March 28.
“The 41-year-old woman, who was overseeing the company’s accounts, claimed that there was an intrusion into her company's payment system that saw the money being transferred out to several unknown parties.
“The incident had caused the company to make a loss of RM1.9 million,” he said in a statement here.
Kamarul Zaman said that initial investigations revealed that the company had used a bulk payment method from a local bank to make payments to suppliers on a monthly basis.
A bulk payment method is a bank system that allows a payer to make multiple debit payments from a single debit account to a bulk list, such as staff salaries or payment to suppliers.
Through the method, Kamarul Zaman said the company will register the name, account number of the supplier as well as the payment amount that needs to be made in the system.
“Every month the company will only enter the payment value without changing any data on the name of the recipient’s company and account number before sending to the bank for payment,” he said.
Kamarul Zaman said that on March 27, the complainant checked the recipient of the bulk payments made on March 24 and found that there were 10 payment transactions to companies that had been changed on the bulk payment list.
He added that the 10 recipients were unknown parties that had no dealings with the company.
“The complainant believes that the company's bulk payment system was hacked causing the recipient's details to be changed to another party,” he explained.
Kamarul Zaman said the case is being investigated under Section 4(1) of the Computer Crime Act 1997, and those convicted could face a maximum fine of RM150,000 and 10 years imprisonment or both.
He advised the public to be careful when making online payments and to check if it was for the intended recipients.
“The recipient details should be checked first to make sure they are the right party before making the payments.
“The public can also contact the National Scam Response Center (NSRC) through the 997 hotline in an effort to block the money transfer going out to the parties concerned,” he said.