Tuesday, May 26, 2026
Today's Edition

EveryNews

Stories that matter, signal over noise
Finances

Attack on A-Bank (Surkis): temporary account debits and questions about the cyber resilience of major banks

A‑Bank reported a large-scale cyberattack overnight on February 16: some customers discovered unauthorized withdrawals, and the bank says the funds have been returned. Why this matters for your wallet and for trust in the financial sector.

Tetiana Suchkova-Ladik

By Tetiana Suchkova-Ladik

February 19, 2026 · 2 min read

Attack on A-Bank (Surkis): temporary account debits and questions about the cyber resilience of major banks
Фото: А-банк

What happened

On the night of February 15–16, A-Bank recorded one of the largest cyberattacks in its history: some customers noticed unauthorized debits from their accounts. The bank confirmed the incident in a statement and said it had refunded the affected customers.

What the bank says

"On the night of February 15–16 we suffered one of the most extensive hacker attacks. Some customers experienced unauthorized debits. This was a new attack previously unknown to the banking system. However, we can now say with confidence: we handled it, repelled it, and prevented similar attempts in the future."

— A-Bank press service

"None of our clients suffered financial losses."

— A-Bank press service

Threat context

A-Bank is among the top 20 Ukrainian banks by assets (UAH 45.8 billion as of January 1, 2026) and is owned by the family of Grigory and Ihor Surkis. The incident shows that even large institutions remain targets for sophisticated cyber operations. In November 2025 cybersecurity experts discovered new Android trojans BankBot-YNRK and DeliveryRAT, which disguise themselves as legitimate apps and steal financial data — part of a broader wave of attacks on online banking.

Why it matters to you

The issue is not only about refunding money — it is about trust in the payment infrastructure. When large banks register successful attacks, it heightens the risk of social panic, increased requests for withdrawals, and strain on the system. The practical takeaway for customers is simple: check your statements, enable two-factor authentication, respond to suspicious messages, and contact your bank at the first sign of a problem.

What regulators and banks should do

The expert community emphasizes the need for a transparent investigation of the incident, audits of cybersecurity, and public recommendations for protecting customers. This is not only a technical matter — it is an element of national resilience: the stability of the financial sector during the war and after it directly affects the country's economic security.

Conclusion

The bank reports that affected customers' balances have been restored, but the incident served as a signal: banks' digital security needs systemic investment and transparent communication with clients. Whether these demands will become the new norm for Ukrainian financial institutions is a question for regulators, banks, and citizens alike.

Related

Latest

Business

EU Against Google: Why the Latest Fine Could Change More Than Previous Ones

# European Regulators Target Google Again — This Time Over Digital Markets Act Violations. What's Behind the Accusations and Why It Matters Beyond the Corporation European regulators have renewed their scrutiny of Google, this time focusing on alleged violations of the Digital Markets Act. The charges underscore Brussels' increasingly aggressive stance on big tech monopolies and what officials say are anticompetitive practices. The accusations center on how Google leverages its dominance across multiple digital services — from search to advertising to mobile platforms — to disadvantage competitors. Regulators claim the company is using its market power in ways that stifle innovation and limit consumer choice. The case carries significance far beyond Google itself. It signals how the EU is attempting to enforce its landmark Digital Markets Act, legislation designed to curb the gatekeeping power of tech giants. A potential penalty could set precedent for how other large technology companies face similar scrutiny. For consumers and smaller tech firms, the outcome could reshape the digital landscape by creating more room for competition. For Google, fines and operational restrictions could fundamentally alter its business model in Europe, the world's most stringent regulatory market. The case also reflects a broader geopolitical divide, with the EU pursuing a regulatory approach that contrasts sharply with the lighter-touch oversight favored in the United States.

May 26, 2026