Airtel Uganda and MTN Uganda, as well as Stanbic Bank, Uganda’s largest bank that also backs up most of the mobile money transactions were most affected.
In a joint statement released on 5th October 2020, Anne Juuko, Wim Vanhelleputte, and VG Somasekhar, the CEOs of Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda respectively, admitted there was an hacking incident.
“Stanbic Bank Uganda, MTN Uganda and Airtel Uganda inform the public and their customers that on Saturday 3 October 2020, a third-party service provider experienced a system incident which impacted Bank to Mobile Money transactions. All Bank to Mobile Money/Wallet services have since been temporarily suspended. This system incident has had no impact on any balances on both Bank and Mobile Money accounts. Our technical teams are analysing the incident and will restore services as soon as possible. We apologise to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services,” the trio said.
Ronald Azairwe, Managing Director Pegasus Technologies Limited, could neither deny nor confirm the incident.
“Sadly I can’t comment on that. I can’t confirm or deny anything of the sort. I can’t speak about it. MTN/Stanbic/Airtel should be able to tell you whether it is Pegasus or not,” he said via phone.
Twiine Charles, Uganda’s Criminal Investigations Directorate spokesperson confirmed that an electronic fraud incident had been reported.
“The fraud incident has been reported. We are constituting a team of electronic countermeasures investigators and investigations begin effective tomorrow,” he said.
A source at one of the affected companies said that hackers broke into the system of Pegasus Technologies on Thursday night.
“From Thursday night, the hack went on undetected until Saturday. By this time, hackers had sent themselves almost UGX1.3 billion but had managed to withdraw UGX900 million from Airtel Money. We estimate MTN also lost almost twice the same amount of money since they are mobile money leaders. When the fraud was detected all transactions going through Pegasus Technologies, were suspended,” said the source.
So, what other international money remittance firms were also affected?
“Hackers usually target financial institutions over weekends when there is less activity and reduced vigilance. It is easy to strike, withdraw the cash and cover up by the time the weekend is over,” said the insider who is very familiar with such online frauds.
Established in 2007, Pegasus handles up to UGX1.7 trillion in financial transactions annually. This includes mobile money aggregation, mobile payments and remittances, loans and savings, and value-added services such as SMS, airtime, and data loading.
In an April 2020 interview, Sydney Asubo, the Executive Director of Uganda’s Financial Intelligence Authority (FIA), the financial crimes watchdog said that fraud, because of its lucrativeness, accounts for more than half of all the financial crimes in Uganda.
“Fraud is of course wide but it has subsets- it has corruption, theft, cybercrimes, including identity theft and embezzlement. That is number one by far. The gap between number one (fraud) and number two is so big- I would say half is fraud,” he said.
We have published articles about Hacked Institutions
