Thane: In a striking cyber fraud case, a police department employee in Thane has lost ₹84,300 from his bank account despite not sharing any banking credentials with anyone. The victim has held the bank responsible for the breach and filed a complaint against both the unidentified hacker and the bank.
The constable, posted in the Zone-1 office, maintains an account with a private sector bank. On the night of February 10, he received two SMS alerts showing debits of ₹50,000 and ₹28,000 from his account.
Loan taken and FD created without consent
When he approached the bank the next day, officials informed him that his email account and mobile number had allegedly been hacked. A subsequent account review revealed that a loan of ₹73,540 had been taken in his name and a fixed deposit of ₹73,000 had been created in favour of another individual. At that time, only ₹11,300 remained in his account, taking the total unauthorised outflow to ₹84,300.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Credit card dues shown despite no card issued
The fraud did not end there. On February 13, he received another bank message stating that ₹51,532 had been spent on a credit card issued in his name and marked as outstanding. The victim has maintained that he never applied for or possessed any credit card.
Complaint filed with cyber police and local station
He first approached the cyber police station and later lodged a complaint at Kalwa police station, alleging security lapses on the part of the bank. Based on his complaint, a case has been registered against the bank and an unknown hacker.
Probe into SIM swap, email breach and system lapses
The case has raised serious questions about banking security, particularly how loans, deposits and transactions were processed without OTP authorisation or customer consent. Investigators are examining possibilities such as SIM swap fraud, email compromise or internal procedural lapses.
Immediate response crucial in such cases
Cybersecurity experts advise victims to immediately notify the bank in writing, freeze the account, change all passwords and report the incident on the cyber helpline 1930.
Police are currently analysing digital logs, IP addresses and transaction trails to identify the perpetrators and determine the method used in the breach.
