Unidentified hackers broke into the systems of Pegasus Technologies, a company that integrates mobile money transactions between telcos, banks, and other local, regional and international money transfer services, making off with a yet to be known sum, but said to be in billions of Shillings. This follows the cyber-attack on telecoms (MTN and Airtel) and Stanbic Bank Uganda last Saturday morning.
In a joint statement released on 5th October 2020, Anne Juuko, Wim Vanhelleputte, and VG Somasekhar, the CEOs of Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda respectively, admitted there was an "incident", but did not give details.
"Stanbic Bank Uganda, MTN Uganda and Airtel Uganda inform the public and their customers that on Saturday 3 October 2020, a third-party service provider experienced a system incident which impacted Bank to Mobile Money transactions. All Bank to Mobile Money/Wallet services have since been temporarily suspended," the statement reads in part.
"This system incident has had no impact on any balances on both Bank and Mobile Money accounts. Our technical teams are analyzing the incident and will restore services as soon as possible. We apologize to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services," they added.
A source at one of the affected companies, told reporters that hackers broke into the system of Pegasus Technologies who handles MTN to Airtel and Airtel to MTN transactions as well as the respective telcos to bank payments on Thursday night. Pegasus also handles Stanbic Bank's Flexipay, a cashless solution that allows the bank's customers to pay for goods and services via mobile money.
"From Thursday night, the hack went on undetected until Saturday. By this time, hackers had sent themselves almost UGX1.3 billion but had managed to withdraw UGX900 million from Airtel Money. We estimate MTN also lost almost twice the same amount of money since they are mobile money leaders. When the fraud was detected all transactions going through Pegasus Technologies, were suspended," said the source.
Established in 2007, Pegasus handles up to UGX1.7 trillion in financial transactions annually. This includes mobile money aggregation, mobile payments and remittances, loans and savings, and value-added services such as SMS, airtime, and data loading.
Its flagship product, PegPay payments platform, is currently being used by several institutions including banks, telecoms, and utility companies such, retailers, Pay-Tv providers' and schools, to aggregate and manage financial transactions for both internal and external purposes.
In an April 2020 interview with the media, Sydney Asubo, the Executive Director of Uganda's Financial Intelligence Authority (FIA), the financial crimes watchdog said that fraud, because of its lucrativeness, accounts for more than half of all the financial crimes in Uganda.
"Fraud is of course wide but it has subsets- it has corruption, theft, cybercrimes, including identity theft and embezzlement. That is number one by far. The gap between number one (fraud) and number two is so big. I would say half is fraud," he told reporters at the time.