Over the weekend, reports from various sources indicated that Airtel Uganda, which is one of the biggest telecom providers in Uganda had suffered a major cyberattack with hackers gaining accessing to their systems and walking away with large sums of money.
According to Spy Uganda, at least sixty billion shillings (Ugx 60 bn) were estimated to have been stolen after anonymous hackers broke into Airtel Mobile Commerce Uganda Limited (Airtel Mobile Money) systems.
The reports that started trending on Saturday evening allege that the hackers gained unauthorized access to the Airtel Money central systems and wired money to bank accounts in various banks connected to the Airtel to Bank Wallet services.
The money was then withdrawn via several banking agents across the country as well as mobile money agents. However, a sudden spike in transactions on the accounts that were previously dormant alerted the banks and Airtel who immediately shut down the Airtel to Bank Wallet services before probing the matter.
Not First Saga for Airtel Money
Last year, Buganda Road Court charged and remanded to Kitalya Prison five people over hacking into Airtel Money services and stealing customers’ money. The suspects, all residents of Kikajjo zone, Namasuba in Wakiso district, defrauded businessman Salim Sserujja of over Shs. 10m by gaining access to his phone through an Airtel Money application without his consent.
A 2020 report by the Police’s Criminal Investigations Directorate (CID) revealed that at least Shs5 billion was fraudulently sent to 877 Airtel Uganda Sim Cards while 755 MTN Sim Cards fraudulently received at least Shs5.5 billion via mobile money. The money was quickly withdrawn by the scammers.
Earlier this year, Henry Bukenya lost more than Shs7m when someone stole his mobile phone. Bukenya wondered how the thieves were able to access his account including the National Identification details. The telecom company acknowledged receiving the complaint in November 2021 and the actions taken include blocking his account to investigate the allegations.
Airtel Mobile Commerce Uganda Ltd eventually acknowledged the fraud, saying insider connivance enabled it. It added that the culprit was identified and “appropriate action was taken.” Bukenya was compensated in February 2022.
In the same year, a security breach on a consumer finance aggregator, Pegasus Technologies, compromised the mobile money network in the country. More than Shs10 billion reportedly went up in smoke.
Payment system providers and operators, among which include mobile money operators and aggregators, must within 24 hours notify the Bank of Uganda, the regulator, of suspected or confirmed fraud, security breach, and material service interruptions, according to regulations, provided under the National Payment Systems Act.
Unconfirmed reports also state that a number of Ugandan banks are not ready to reinstate Airtel Money services back on their payment platforms until a proper investigation citing how the hack happened and what measures are to be taken to prevent it in the future are clearly outlined.
Author: Moses Echodu
Moses is an avid Sports and Tech enthusiast. He loves to keep up to date with all the latest information and research on some of the most compelling stories.