Affected customers assured of refunds BSP, CIMB Bank act fast on cybersecurity incident

CEBU, Philippines — CIMB Bank Philippines, a unit of Malaysia’s CIMB Group, has moved quickly to address incidents of unauthorized fund transfers affecting customer accounts.

In a statement, the Bangko Sentral ng Pilipinas (BSP) confirmed it is closely coordinating with the bank to ensure a full resolution.

According to BSP, CIMB committed to refunding affected customers, stressing that no one would bear financial losses. Refunds have already begun following preliminary investigations.

The BSP pledged to maintain oversight until the matter is fully resolved, reaffirming its mandate to protect financial stability, consumer welfare, and public trust.

The incident highlights the growing cybersecurity risks facing the Philippines’ banking sector as it pushes further into digitalization.

Launched in 2018, CIMB Bank Philippines operates entirely online and has built a customer base of over six million. Its parent, CIMB Group, headquartered in Kuala Lumpur, ranks among ASEAN’s largest banks, known for its emphasis on digital innovation and financial inclusion.

CIMB’s response to the incident reflects its global values of transparency, accountability, and a customer-first ethos. “Our priority is to protect customers’ interests and maintain confidence in our platform,” the bank said.

Preliminary investigations suggest the unauthorized transactions stemmed from phishing and social engineering attacks rather than internal system flaws. CIMB has since tightened its security protocols and enlisted forensic experts to assist.

Adopting a no-blame approach, the bank has focused on restoring customer trust through prompt refunds and expanded cybersecurity education efforts.

Meanwhile, the BSP advised the public to rely only on official communications to avoid misinformation and panic.

Data from BSP shows that digital banking in the Philippines has surged, with electronic payments now comprising over half of retail transactions.

CIMB’s mobile-first model fits the government’s financial inclusion agenda but also exposes it to rising cyber threats.

Analysts note that how banks manage crises often defines their long-term standing. CIMB’s quick action has been praised as a model of responsible digital banking.

BSP Governor Eli Remolona highlighted the importance of proactive regulation, referencing measures like Circular No. 1140, which strengthens financial institutions’ resilience against cyber threats.

The BSP’s collaboration with CIMB reflects a regulatory environment that prioritizes consumer protection without stifling innovation.

Beyond compensating customers, CIMB is ramping up its cybersecurity defenses, developing enhanced biometric authentication, multi-factor security protocols, and AI-driven fraud detection systems. The bank is also intensifying efforts to educate customers about phishing risks and mobile security.

In a report, Vijay Manoharan, CEO of CIMB Bank Philippines, emphasized that the incident would serve to reinforce, not diminish, the bank’s commitment to safe and inclusive digital banking.

Despite initial concerns, investor sentiment around CIMB Group Holdings Berhad remained stable, with shares largely unaffected following the disclosure.

Industry observers believe the incident could act as a catalyst for broader reforms in the digital banking sector, including enhanced authentication standards and industry-wide fraud prevention initiatives.

The BSP is reportedly considering forming a task force composed of banks, fintechs, and cybersecurity experts to set best practices for future risk mitigation. — (FREEMAN)