Skip to main content

Hackers take off with $5million from Irish airline Ryanair

It's one thing to have your personal bank account hacked, you may lose a few dollars or worse a small fortune.

However you would expect corporate accounts to have added security, preventing such a devastating event.

That's clearly not the case. While we've seen point-of-sale systems hacked and customer data stolen, this time it was actually a company bank account that was robbed.

Irish airline Ryanair had its corporate account plundered by hackers to the tune of $5 million, or €4.6 million. The money apparently disappeared from accounts used to fund the fueling of the company's planes, not a cheap task and perfect for not immediately ringing alarm bells.

This isn't an entirely new scenario, as security researchers at IBM discovered malware designed with this intent. "IBM Security has identified an active campaign using a variant of Dyre malware that has successfully stolen more than $1 million from targeted enterprise organisations", states John Kuhn of IBM.

The Ryanair breach was discovered late last week and reported in The Irish Times, who received a brief statement from company - "Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week". No further word is expected because of pending legal action.

According to security blog Hot For Security, this money was transferred out through a Chinese bank, and Irish authorities are now looking into the matter. It illustrates that nobody is entirely safe online, not even the big corporate players.

Rob Norris, Director of Enterprise & Cyber Security in UK & Ireland at Fujitsu, commented: “As the sophistication of security threats continue to increase, it has never been more important for organisations to have the appropriate tools and services in place to protect themselves from fraud.

"The amount of data and confidential information that is transacted every day, coupled with the growth in reliance on digital services, means that many businesses are at risk – making them an easy target in the eyes of a cyber-criminal.

“Organisations can no longer afford to make mistakes in security and should look to make fraud security part of its security programme. By communicating from the top down what cyber security means to its business, CSOs can help all employees to recognise their responsibility in ensuring the company is adequately prepared to manage threats.

"As well as this, CSOs should act as the “business enabler” by making sure that business runs as usual and everything is secure by default.”