Bank Security Chief Exploits ATM Flaw to Steal 1 Million US from Employer

2019, Breaches, February

Who: Huaxia Bank

# of Records: Undetermined – Over 7 million Yuan

When it occurred: November 2016 until January 2018

What Happened: Chinese bank’s software chief was jailed after finding way to withdraw US $1m in ‘free’ cash from ATMs

How it Happened: 43-year-old Qin Qisheng exploited a ATM software flaw that allowed him to withdraw over 7 million yuan (upwards of $1 million USD) from Huaxia Bank ATM’s. According to the reports, the bank’s system didn’t properly record withdrawals made around midnight — effectively spitting out cash without removing the total from a user’s account. Qisheng started pulling out money in November 2016, but it wasn’t until January 2018, some 1,358 withdrawals later, that the bank discovered the bad code in its system and brought him to the authorities.

Outcome: Huaxia Bank reportedly asked police to drop the case — reportedly accepting Qisheng’s explanation that he was merely testing the bank’s security and was holding onto the money for the bank to reclaim. The courts refused, though, and Qisheng is now looking at 10 and a half years in prison after losing his appeal. They didn’t buy the argument, considering that he’d moved the money to his personal bank account, instead of the bank’s dummy account, and had apparently been investing some in the stock market, too.