PKO BP Addresses Aftermath of Major Outage as Cybercriminals Target Bank Customers

Poland's largest bank, PKO BP, grappled with a severe IT infrastructure failure that completely cut off thousands of users from access to their money. The technical issues affected the iPKO online banking system, the IKO mobile app, and the helpline, preventing the execution of transfers and card payments at retail points. While the institution officially announced the restoration of system functionality and apologized for the inconvenience, the incident sparked a lively discussion about the stability of digital financial services in Poland. Following these events, other institutions, including ING Bank Śląski, announced planned technical maintenance, requiring consumers to secure payment means in advance. Concurrently, the Polish banking sector is facing an unprecedented escalation of phishing attacks. Security experts have identified campaigns targeting Bank Pekao S.A. customers, involving the distribution of emails with malicious attachments. Similar manipulation mechanisms have been used against users of the Revolut app and the Netflix service, where criminals cynically exploit the theme of alleged subscription suspension. Concerning data is also coming from abroad – 2025 figures indicate a more than two-hundred-percent increase in fraud conducted via the Telegram messenger, which has become a base for organized criminal groups. The history of Polish electronic banking dates back to the 1990s, but the last decade has brought a complete migration of services to the mobile sphere, radically increasing users' vulnerability to social engineering attacks.The situation for cash users is further worsened by changes in cash distribution systems. Some ATM networks have introduced strict limits on single withdrawals, forcing customers to use alternative methods such as cashback at retail points. In this context, the BLIK system is playing an increasingly significant role as a safer alternative to physical payment cards, although it is also not free from attempts to extort codes by fraudsters. „Informujemy, że utrudnienia w dostępie do IKO i iPKO zostały usunięte. Przepraszamy za wszelkie niedogodności wynikające z tej sytuacji.” (We inform you that the difficulties in accessing IKO and iPKO have been resolved. We apologize for any inconvenience resulting from this situation.) — PKO BP Statement The threat also extends to the administrative sphere, especially during the tax settlement period. Warnings have appeared for individuals filing e-PIT about fake messages from tax offices. Drivers, in turn, must be wary of SMS messages regarding alleged fines or road tolls, where changing a single letter in the website address leads to a spoofed payment gateway, resulting in the complete draining of the victim's account.