MEXICO CITY — In what could be the plot of a modern-day bank robbery movie, unidentified hackers penetrated the bank-to-bank money transfer system in Mexico, stealing millions of dollars from financial institutions. The theft happened within the past few weeks and is under investigation.

Hackers found a gap in the Mexican inter-banking system known as SPEI (the equivalent of the American ACH) and used it to transfer money to fake accounts. Soon after, they cashed out millions in one of the biggest cyber-thefts in Mexican history.

“Probably the largest ever”, Gricha Raether said, a financial technology expert managing a U.S.-based fintech company in Mexico City. He said the Central Bank's obsolete banking software facilitated the attack.

“What has happened here is the accumulation of lack of interest — or seriousness — in terms of protecting banking and financial systems,” Raether said. "You can always hack into one bank if their systems are vulnerable, but this hits more than one, and the only way to do that is if you control the central managing agency, in this case, Banco de México [Mexico's Central Bank].”

According to reports, at least five financial institutions were attacked, including J.P. Morgan and Citigroup’s Banamex. The Central Bank of Mexico has not provided the names of all the institutions affected nor the exact amount of money that was stolen, but some local media report at least $300 million Mexican pesos (about $15 million U.S.).

Banks will most probably absorb the costs, unless they have insurances to cover their losses. And the banks' customers are not directly affected. However, some companies that use the affected banks for large money operations are not able to make certain transactions — like using their payroll — as some institutions have slowed down or paused activities.

The hack does not affect international transfers and transactions either, unless cases where foreign companies use Mexican accounts in the affected banks for payments and transfers.