Unidentified hackers have stolen EUR40m from German supplier Leoni's Romanian subsidiary using only some cloned email accounts, a local report said.
Leoni's financial director in Romania apparently wired the money into a bank account provided by the hackers via email as she thought the emails came from her bosses in Germany, romania-insider.com reported.
On 16 August, Leoni announced the loss of EUR40m following fraudulent activities, which may have involved hackers.
The stolen sum represents about half of the German group's net profit and almost 1% of its turnover in 2015. However, nobody knew at that time that the fraud occurred at the group's subsidiary in Romania, the report said.
"Leoni AG realised on Friday, 12 August, 2016, that it had become the victim of fraudulent activity with the help of falsified documents and identities and the use of electronic communication channels. As a result, company funds were transferred to accounts abroad," the company said in a press release.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
The company didn't go into details about this massive fraud and said only that its board had launched an investigation into the events and had also reported the matter to the police criminal investigators.
On the same day that Leoni made this announcement, the prosecutor's office within the Bistrita Court in Romania received a complaint about a EUR37m fraud from Leoni's subsidiary in Bistrita, in central Romania. As the damage was very big, the prosecutors passed the case to the Directorate for Investigating Organised Crime and Terrorism (DIICOT).
According to preliminary information, the fraud may have been coordinated by a group of hackers who cloned the email accounts of Leoni directors from Germany. They used those false email accounts and asked the financial director of the group's Romanian subsidiary to wire almost EUR40m into a bank account.
According to romania-insider.com, the Leoni financial director in Romania apparently followed the company's internal protocol and wired the money. The money went to a bank account in the Czech Republic, according to unofficial sources quoted by Adevarul.ro.
The hackers apparently knew the company's protocols, including the fact that directors in Germany had asked for money transfers via email before. However, the investigators haven't yet determined if the Leoni financial director in Romania worked with the hackers or simply followed what she thought were orders from the management in Germany.
Bistrita-based Leoni Wiring Systems Ro manages Leoni's whole operations in Romania. The German group opened its first factory there in 2003, producing cables for car makers such as Mercedes and BMW. The group opened another factory in Bistrita last year. Leoni has two other cable factories in Romania, one in Arad and the other one in Pitesti.
Its local factories have over 12,700 employees and over EUR 530 million yearly revenues, according to official data from the finance ministry.
Leoni had over 74,000 employees in 32 countries and total sales of EUR4.5bn in 2015.