Transnational Bank hacked, clients complain of missing money

Sammy Lang’at, Transnational Bank CEO

Early this week, clients of Transnational Bank complained of slow and sometimes non-existent services.

It later became clear that the bank had been hacked and that the hackers had disrupted the bank’s systems, demanding that a ransom be paid.

“A bank in the republic of Kenya was hacked”, the hacker named @SzandorTigris announced on August 6th 2020.

A screenshot of the stolen data posted by the hacker

He went on to publish screenshots of the data that he had acquired, ‘still asking’ for a ransom, which eventually culminated in a link. He shared a link to the bank’s documents that he had stolen just 21 hours ago.

The bank has not responded up to now.

In February 2020, Transnational Bank was fully acquired by Access Bank of Nigeria.

In the five days that the bank’s systems were down, clients could not access ATM, mobile and web banking. Activities at the branches were slow and were carried out using Excel data that had been downloaded.

The hacker gives his reason for hacking the Bank

After days of silence, Transnational Bank later wrote: ‘Dear Customer, we are pleased to inform you that the service downtime experienced on our online banking platforms has been restored. We regret the inconveniences caused. We thank you’.

However, this message was met with complaints of missing money.

The above complaints just show the extent of the damage done by the hacker.

The question is, do they still have access to the bank’s systems?

What are Transnational and Access Bank doing to reclaim their systems?

Was the Central Bank of Kenya (CBK) aware of the weak IT systems of this bank, as exposed in an audit report by Ernst & Young LLP?

This data leak is massive and the bank must come out and assure its clients.

A screenshot of the data posted by the hacker

The Audit

(Copied from

An audit report prepared by the firm Ernst & Young LLP on the information and communication technology controls of Transnational Bank paints a grim picture of the ICT system at the bank.

One of the revelations that caught the eye of this KenyanBusinessFeed.Com editor was under ‘the inadequate password and security settings’. The report stated, ‘the passwords did not meet the minimum complexity requirements’. The settings also allowed ‘Concurrent multiple logins’ on the ‘Chapaa Popote, Chequepoint Truncation System, Paynet and Simba HR Cube systems’.

The second pointer to weak systems in the audit report was ‘inappropriate access to IT administrator role in Chequepoint and Simba HR Cube System’. The audit, signed by EY Risk Advisory Leader for Eastern Africa Mr Robert J. Nyamu, stated that ‘business users had access to administrative IT rights and could create new users’. It also said, ‘review of inward cheque processing on the application, we observed as the user used the ‘Admin’ account to approve the cheque files after upload and adoption by the clearing clerk’.

This ‘increase the risk of overriding controls within the application’, which could lead to ‘unauthorized activities conducted on the payroll’.

The third weakness was ‘Lack of role monitoring of users and user activity in systems’, which posed a ‘risk that application access violations and inappropriate transactions may not be identified in a timely manner’.

The fourth weakness is ‘System issue with reset accounts on Chequepoint Truncation System’. This posed the ‘risk of user intentionally or unintentionally interfering with financial information by gaining access to more than one user account on the application’.

Data breach announced

The last risk concerned the server room, where the auditors noted weak access control.

“During the review of the server room, the following weaknesses were noted: The floor on the server room is raised using wooden material which is combustible. Other combustible materials noted include; the material used for the ceiling and a wooden plank lying on the floor. Combustible material was also observed in the area just outside the server room which is used as a storage area. There was no automatic fire suppression system in the server room. Environmental factors to be controlled in the server room e.g. temperature levels, dust levels, humidity levels, other gases etc. are not monitored. Temperature level is monitored manually by physically going to the server room. There is no warning sign prohibiting drinking, eating and smoking in the data center”.

Though Ernst & Young LLP made recommendations to improve on the above, it is highly unlikely that the bank has implemented them.


About the author

Karecha Kamaris

Karecha Kamaris is the space between earth and heaven, the gap between ice and fire, the elementary molecule that justifies unending peace in the sea of turmoil. An 'appetite for adventure over the love of ease'.
