How Did Capillary Technologies Become a Victim of a Deepfake Cyber Fraud?
Capillary Technologies, a customer loyalty and engagement platform, has disclosed that one of its recently acquired overseas step down subsidiaries suffered a sophisticated deepfake enabled banking fraud, resulting in the unauthorised transfer of approximately €3 million (around ₹32.7 crore).
In a regulatory filing, the Bengaluru-based company said cybercriminals used advanced deepfake technology, including AI-generated voice cloning, forged signatures, and social engineering, to impersonate the company’s Key Managerial Personnel (KMPs) and fraudulently authorise bank transfers to third party accounts.
The incident highlights the growing threat of AI-powered financial fraud, where cybercriminals are increasingly exploiting deepfake technology to bypass traditional verification processes.
How Is Capillary Recovering the Stolen Funds?
Following the discovery of the fraud, Capillary Technologies immediately initiated recovery efforts in coordination with law enforcement agencies, cybercrime authorities, and banking partners.
The company confirmed that it has already recovered €0.45 million (approximately ₹4.9 crore). It also revealed that additional funds have been successfully traced and the related bank accounts have been frozen, reducing the amount currently at risk. However, the exact value of the frozen funds is still being assessed.
Capillary further stated that the affected overseas subsidiary is protected under a cyber and crime insurance policy, and the insurer has been informed about the incident. The company is currently evaluating the extent of insurance coverage and the overall financial impact.
Was Customer Data or Company Systems Compromised?
Capillary Technologies clarified that the cyberattack was limited to a banking fraud and did not involve any breach of customer data, employee information, or the company’s technology infrastructure.
According to the company, there is no evidence of any compromise involving its digital platforms or operational systems. It also confirmed that all business operations continue without any material disruption and that the incident has not affected its products or services.
This distinction is significant, as many cyberattacks involve both financial fraud and data breaches. In this case, the company indicated that the attackers primarily targeted banking authorisation processes through identity impersonation.
Why Was the Stock Exchange Disclosure Delayed?
Capillary explained that the incident occurred just before the weekend, requiring the company to prioritise immediate recovery efforts instead of making an instant public disclosure.
Management focused on coordinating with banks, freezing suspicious accounts, and working with investigative agencies to maximise the chances of recovering the transferred funds. According to the company, these urgent operational measures led to a delay in informing the stock exchanges.
The company has since disclosed the incident through a regulatory filing while continuing recovery proceedings.
What Does This Mean for Businesses Facing AI-Driven Cyber Threats?
The incident underscores the rapidly evolving risks posed by AI-powered cybercrime, particularly the use of deepfake technology for financial fraud. As artificial intelligence becomes more sophisticated, cybercriminals are increasingly using voice cloning, synthetic identities, and forged digital communications to deceive employees and bypass internal approval mechanisms.
For businesses, the case serves as a reminder that traditional verification processes may no longer be sufficient against advanced impersonation attacks. Companies are increasingly adopting multi-layer authentication, independent payment verification, employee awareness training, and AI-driven fraud detection systems to strengthen cybersecurity.
While Capillary Technologies has stated that the incident will not alter its annual or long-term business objectives, the fraud highlights the growing importance of robust cyber governance and financial controls in an era of increasingly sophisticated AI-enabled attacks.
