Uganda mobile money network’s major hack has put the country’s telecoms and banking system into crisis.
According to a statement issued by MTN Uganda, the recent hack happened due to security breach on a consumer finance aggregator, Pegasus Technologies, which majorly rubbed off on bank and mobile wallet transfers.
Kampala-based Pegasus Technologies offers financial and billing services for companies including all the affected entities.
No fewer than $3.2 million is estimated to have been carted away in this latest hack while some reports quoted a higher figure. About 2,000 mobile SIM cards were used by the hackers to access to the mobile money payment system. They later ordered the banks to transfer millions of dollars to telecommunication companies who paid mobile money to these SIM cards across Uganda.
MTN Uganda and Airtel Uganda have indefinitely suspended mobile money service transactions between their networks after what they both termed as an “unprecedented technical challenges” in a joint statement signed by their Chief Executive Officers.
According to the Central Bank of Uganda, over $20 billion worth of transactions was consummated via the mobile money system in 2019. MTN has more than 11 million subscribers and an estimated 80% market share of mobile money transactions in Uganda.
According to MTN Uganda, transactions through Stanbic Bank Uganda, MTN to Airtel and Sendwave, a cross-border payments platform operating in Kenya, Uganda, Tanzania, Ghana, Liberia, Nigeria and Senegal are affected.
According to a statement issued to customers, MTN Uganda upgraded its system on October 6. During the upgrade, data, voice and mobile money services were interrupted. Every affected telecom and bank has assured customers that their account balances and other sensitive information was not affected by the breach.
Reports have it that no fewer than two suspects have been arrested by the police. The arrested suspects are linked to Pegasus Technologies. The company has not released any statement about the incident. Police have however allowed the companies affected to carry out an audit of their accounts, which will guide the investigation process on what really happened and how much money was stolen.
