Hackers Fleece MTN, Airtel, Stanbic, Other FinTechs of Billions after Breaking into Mobile Money System

Anne Juuko (left), Wim Vanhelleputte (2nd left), and VG Somasekhar (2nd right), the CEOs of Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda respectively, Ronald Azairwe (right), the Pegasus Technologies Managing Director

Kampala – Unidentified hackers broke into the systems of Pegasus Technologies, a company that integrates mobile money transactions between telcos, banks, and other local, regional, and international money transfer services, making off with a yet to be known sum, but said to be in billions of Shillings.

The most affected firms are the leading telcos, Airtel and MTN Uganda, as well as Stanbic Bank, Uganda’s largest bank that also backs up most of the mobile money transactions.

In a joint statement released today, 5th October 2020, Anne Juuko, Wim Vanhelleputte, and VG Somasekhar, the CEOs of Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda respectively, admitted there was an “incident”, but did not give details.

Advertisements

“Stanbic Bank Uganda, MTN Uganda and Airtel Uganda inform the public and their customers that on Saturday 3 October 2020, a third-party service provider experienced a system incident which impacted Bank to Mobile Money transactions. All Bank to Mobile Money/Wallet services have since been temporarily suspended,” the trio said.

“This system incident has had no impact on any balances on both Bank and Mobile Money accounts. Our technical teams are analysing the incident and will restore services as soon as possible. We apologise to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services,” they added.

Ronald Azairwe, Managing Director Pegasus Technologies Limited, could neither deny nor confirm the incident.

“Sadly I can’t comment on that. I can’t confirm or deny anything of the sort. I can’t speak about it. MTN/Stanbic/Airtel should be able to tell you whether it is Pegasus or not,” he told this reporter on phone.

But Twiine Charles, the Criminal Investigations Directorate spokesperson confirmed that an electronic fraud incident had been reported to police.

“The fraud incident has been reported. We are constituting a team of electronic countermeasures investigators and investigations begin effective tomorrow,” he said.

A source at one of the affected companies, told this reporter that hackers broke into the system of Pegasus Technologies who handles MTN to Airtel and Airtel to MTN transactions as well as the respective telco to bank payments on Thursday night. Pegasus also handles Stanbic Bank’s Flexipay, a cashless solution that allows the bank’s customers to pay for goods and services via mobile money.

“From Thursday night, the hack went on undetected until Saturday. By this time, hackers had sent themselves almost UGX1.3 billion but had managed to withdraw UGX900 million from Airtel Money. We estimate MTN also lost almost twice the same amount of money since they are mobile money leaders. When the fraud was detected all transactions going through Pegasus Technologies, were suspended,” said the source.

Sources reveal that other than the local mobile money firms, other international money remittance firms were also affected.

“Hackers usually target financial institutions over weekends when there is less activity and reduced vigilance. It is easy to strike, withdraw the cash and cover up by the time the weekend is over,” said the insider who is very familiar with such online frauds.

Established in 2007, Pegasus handles up to UGX1.7 trillion in financial transactions annually. This includes mobile money aggregation, mobile payments and remittances, loans and savings, and value-added services such as SMS, airtime, and data loading.

Its flagship product, PegPay payments platform, is currently being used by several institutions including banks, telecoms, and utility companies such, retailers, Pay-Tv providers’ and schools, to aggregate and manage financial transactions for both internal and external purposes.

The Police’s Annual Crime report, 2019 revealed that over UGX17bn was lost to cybercrime in fraudulent financial transaction and impersonation with Mobile Money, Banking systems and separate hits.

“A total of 248 cases were reported during the period under review compared to 198 cases reported in 2018. Cybercrimes led to a loss of UGX 11,446,603,500 in 2019 in which UGX 51,890,000 was recovered,” read part of the report.