Yes, €50 million.
Aerospace parts manufacturer FACC posted a notice on its website last week stating, “the financial accounting department of FACC Operations GmbH was the target of cyber fraud.” It continued: “The damage is an outflow of approx. EUR 50 mio of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims.”
Information on the theft and how it occurred is minimal (the above is pretty much it), but my assumption is that it’s wire fraud conducted by a spear phishing campaign. I’m assuming this because it’s not uncommon for financial departments to be tricked into wiring money over to false accounts. In fact, Ryanair suffered a similar attack in which €4.6million was stolen via fraudulent wire transfer. There’s also very few ways to steal €50millon other than by wire fraud, and modern spear phishing is simply an evolution of methods that have been practiced for decades
The stock markets didn’t react so well either, with a 17% drop as of 21/01/2016.
Staggering amount of money
To put into perspective just how large a heist this is, the average cost of a data breach to organisations in 2015 was roughly €3.5million.
I spoke to Alan Calder, the founder and executive chairman of IT Governance, who said: “While the average cost of a data breach is €3.5million, the reality is that some companies get hacked for significantly more – here’s one where the cash loss was €50m, in addition to which is the cost of remediation and reputational damage – and on top of all this is the share price fall. The moral of the story is that you shouldn’t base your planning on the average loss suffered by organisations but on the significant impact a single breach could have on yours.”
More information on this story will be published when made available; subscribe to our Daily Sentinel to make sure you don’t miss out on any updates.