Pegasus Technologies, a company that integrates mobile money transfers between telcos, banks, and other local, regional, and foreign money transfer services, broke into the networks of unidentified hackers, making off with an amount yet to be acknowledged, but said to be in billions of shillings.
The most affected companies are the leading telecommunications companies, Airtel and MTN Uganda, as well as Stanbic Bank, the largest bank in Uganda that also funds the majority of mobile money transactions.
“Anne Juuko, Wim Vanhelleputte, and VG Somasekhar, the CEOs of Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda, respectively, admitted in a joint statement released on October 5, 2020, that there was an” incident, “but did not provide information.
“Stanbic Bank Uganda, MTN Uganda, and Airtel Uganda inform the public and their customers that on Saturday, October 3, a third-party service provider experienced a system incident which impacted Bank to Mobile Money transactions. All Bank to Mobile Money/Wallet services have since been temporarily suspended,” the trio said.
“This system incident has had no impact on any balances on both Bank and Mobile Money accounts. Our technical teams are analyzing the incident and will restore services as soon as possible.
“We apologize to all customers for any inconvenience that this has caused and reiterate our commitment to delivering seamless banking and mobile money services,” they added. The incident could neither be denied nor confirmed by Ronald Azairwe, Managing Director of Pegasus Technologies Limited.
“Sadly I can’t comment on that. I can’t confirm or deny anything of the sort. I can’t speak about it. MTN/Stanbic/Airtel should be able to tell you whether it is Pegasus or not,” he told this reporter on phone.
But Twiine Charles, spokesman for the Criminal Investigations Directorate, confirmed to CEO East Africa Magazine that a police incident of computer fraud had been identified.
“The fraud incident has been reported. We are constituting a team of electronic countermeasures investigators and investigations begin effective tomorrow,” he said.
The hackers made away with UGX 900 Million(243,002.86 USD) from Airtel Uganda
A source at one of the affected businesses told reporters that on Thursday night, hackers broke into the Pegasus Technologies system that handles MTN to Airtel and Airtel to MTN transactions as well as the respective telco to bank payments. Pegasus also handles Flexipay from Stanbic Bank, a cashless solution that allows customers of the bank to pay for products and services through mobile cash.
“From Thursday night, the hack went on undetected until Saturday. By this time, hackers had sent themselves almost UGX1.3 billion but had managed to withdraw UGX 900 million from Airtel Money. We estimate MTN also lost almost twice the same amount of money since they are mobile money leaders. When the fraud has detected all transactions going through Pegasus Technologies, were suspended,” said the source.
East Africa Magazine’s CEO also understands that other foreign money remittance companies were also impacted, other than the local mobile money companies.
“Hackers usually target financial institutions over weekends when there are less activity and reduced vigilance. It is easy to strike, withdraw the cash and cover-up by the time the weekend is over,” said the insider who is very familiar with such online frauds.
Founded in 2007, Pegasus manages financial transactions annually of up to UGX1.7 trillion. This involves the integration of mobile money, mobile transfers and remittances, loans and deposits, and value-added services such as SMS, airtime, and loading of data.
Several institutions, including banks, telecoms, and utility firms, such as supermarkets, pay-TV providers, and colleges, are currently using their flagship product, the PegPay payments platform, to consolidate and handle financial transactions for both internal and external purposes.
In an April 2020 interview with East Africa Magazine CEO Sydney Asubo, the Executive Director of the Financial Intelligence Authority of Uganda (FIA), the financial crime watchdog said that fraud accounts for more than half of all financial crimes in Uganda due to its profitability.
“Fraud is of course wide but it has subsets- it has corruption, theft, cybercrimes, including identity theft and embezzlement. That is number one by far. The gap between number one (fraud) and number two is so big- I would say half is a fraud,” he told this reporter at the time.