Reports have emerged that Stima Sacco, one of Nairobi’s largest financial institutions with an asset base of over Ksh40 billion, might have recently suffered a mysterious cyber attack that saw hackers compromise over 1,000 sim cards in under 30 minutes.
This news comes amid widespread concerns from members about the prolonged downtime of the bank’s web portal and suspicious errors of insufficient funds within the system.
Despite the bank’s claims of migrating users to a “new core banking system,” many members have reported difficulties accessing their accounts and funds.
This, coupled with reports of possible liquidity problems within the Sacco, has heightened fears about the safety and stability of the financial institution.
https://cnyakundi.com/liquidity-crisis-stima-sacco-members-fear-for-their-savings/
According to an anonymous source close to the matter, the hacking attempt occurred at the payment integrator stage, a crucial point in the withdrawal process.
Withdrawals at Stima Sacco typically flow from the Sacco to a payment integrator, and then onto Safaricom’s API, which is supposed to alert the Sacco of any suspicious activity.
But it seems the malicious hackers were able to bypass these security measures with ease.
It remains unclear at this time exactly how the attack was executed, but one thing is certain: this major data breach raises serious questions about the security measures in place at Stima Sacco, leaving its loyal members worried about the safety of their deposits.
The source further alleges that a script plotted by greedy insiders might have facilitated the hack.
By the time of publishing this post, Stima Sacco was yet to provide a clear explanation of the challenges facing their mobile banking system.
This has left some questioning whether the bank is doing enough to protect the funds and personal data of its members.
“We demand answers from Stima Sacco on what really happened to our hard-earned savings,” said one frustrated member.
“It’s time for the bank to step up and clear the air over the security of our funds.”
The reports of Stima Sacco falling victim to a hack is a wake-up call to the Sacco Societies Regulatory Authority (SARSA) to take a closer look at the inner workings of these unstable institutions.
It is unacceptable that the management of Stima Sacco allowed such a security breach to happen, and nobody at SARSA has picked up on this major red flag.
The role of SARSA is to ensure the stability of Saccos and protect consumers, but it appears that this is not being adequately fulfilled in the case of Stima Sacco.
SARSA as well as other regulatory authorities must take immediate action to investigate this issue and hold those responsible accountable.
