By Our Reporter
A weekend hack on mobile money systems led to a loss of about sh1 billion from Stanbic Bank, Airtel and MTN according to a Police Cyber Crime Unit detective, New Vision reports.
According to Police detectives, the yet to be identified hackers worked closely with an employee of Pegasus Technologies to accomplish their crime.
Pegasus, is one of the leading aggregators that integrates mobile money transactions between the three top companies. This is the company behind the technology that enables customers to pay utility bills, TV or school fees.
On Saturday 3rd, a few days after thousands of employees are normally paid by companies, bank and mobile money customers were unable to move their money from bank accounts to mobile wallets. The systems were allegedly hacked according to Police, which saw the trio shut it down.
“The hacking is similar to that when Africell telecom was attacked in March and sh1.5 billion stolen. The same tactics were used with the help of insiders,” the New Vision quoted the Police detective as saying.
Police said the hackers infiltrated Stanbic, MTN and Airtel aggregator, transferred the money and later cashed out the funds. Its alleged that the hacked used about 2,000 SIM cards to withdraw the money.
They reportedly initiated cash withdraw requests to Bank of Africa and Stanbic Bank. To both financial institutions, the requests seemed genuine and the cash was released. This money was distributed across 2,000 SIM cards and withdrawn from different agent locations in the country.
However, a joint statement from Stanbic Bank, Airtel and MTN indicated the breach had no impact on customer balances.
“This system incident has had no impact on any balances on both Bank and Mobile Money accounts. Our technical teams are analysing the incident and will restore services as soon as possible. We apologise to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services,” the joint statement dded.
Top 2019 Cyber Crime cases in Uganda
Between March and April 2019, unknown persons gained unauthorized access to MTN Mobile Money Systems and fraudulently transferred sh 802 million to various MTN Mobile numbers which was later withdrawn at different mobile money outlets.
Investigations established that between March 13th 2019 and April 22nd 2019, 112 MTN Subscriber SIM cards were fraudulently swapped where by sh 802,476,500 was fraudulently transferred and withdrawn. The owners of the agent SIM cards and beneficiary SIM cards were not aware of the received money.
Between May 14th 2019 and May 20th 2019, unknown persons gained unauthorized access to various DFCU Bank Accounts and fraudulently transferred sh 438 million to various MTN and Airtel Mobile numbers which was later withdrawn at different mobile money outlets.
Between August and December 2019, Centenary Bank Accounts registered on Mobile banking were hacked and money worth sh 800 million was fraudulently transferred to approximately 100 SIM cards and withdrawn without the consent of the registered owners. The investigations are still on going according to Police.
Between May and June 2019, True African systems were hacked and money amounting sh116 million was fraudulently transferred to 303 SIM cards (both Airtel and MTN) and withdrawn without the consent of the registered owners.
Between 07/09/2018 and 16/09/2018, the float accounts of Beyonic Ltd were hacked and payments amounting to sh 2,6 billion were effected from the float accounts of Beyonic Ltd (Airtel-Uganda and MTN-Uganda) on behalf of OffTrack Vendors Africa Ltd to 83 different MTN and Airtel Mobile money accounts without any money being received by Beyonic Ltd from Off-Track Vendors Africa Ltd.
The beneficiary SIM cards had been registered without the consent of the registered owners. On interviewing, the registered owners had no idea of their SIM cards that received the money