MTN, Airtel and Stanbic Bank Uganda Lose Billions of Shillings to a Third-party Service Provider Hack
...One hack, but billions of shillings lost from three different firms
Hackers have broken into Uganda’s Pegasus Technologies, making away with cash in the billions. Pegasus Technologies touts itself as a provider of bespoke financial and billing solutions to several banks, telecoms, and utilities in Uganda.
According to a Ugandan publication, CEO East Africa Magazine, Pegasus Technologies integrates mobile money transactions between telcos, banks, and other local, regional, and international money transfer services.
The most affected firms in the hack were MTN Uganda, Airtel Uganda, and Stanbic Bank Uganda.
In a joint statement, released on 5th October 2020, the three firms confirmed that hackers had compromised systems of a third-party service provider last Saturday, 3rd October.
Billions of shillings are believed to have been lost, but the precise figure is yet to be known.
The hack affected bank to mobile money transactions leading to the temporal suspension of all bank to mobile money transactions.
However, the trio confirmed that the hack had “no impact on any balances on both Bank and Mobile Money accounts.”
But the hack is said to have started on Thursday night, an insider at one of the firms told the publication. It went on undetected till Saturday, 3rd October, when the three firms became aware of the incident.
By that time, the hackers had already gifted themselves “almost UGX1.3 billion” but had only managed to withdraw “UGX900 million” via Airtel’s mobile money service, the source said.
“We estimate MTN also lost almost twice the same amount of money since they are mobile money leaders.”
The affected firms say they are currently “analysing the incident and will restore services as soon as possible.”
“We apologise to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services.”
As of yesterday, Pegasus Technologies had not provided any concrete information when the publication reached out for comment.
Ronald Azairwe, Managing Director Pegasus Technologies Limited, said, “Sadly, I can’t comment on that. I can’t confirm or deny anything of the sort. I can’t speak about it. MTN/Stanbic/Airtel should be able to tell you whether it is Pegasus or not.”
But the same insider confirmed that indeed Pegasus Technologies is the affected third-party service provider.
“When the fraud was detected, all transactions going through Pegasus Technologies were suspended,” the publication was told.
Uganda’s criminal investigation department is set to begin their investigations today.
Follow us on Telegram, Twitter, Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates.