A major hack that compromised Uganda’s mobile money network has plunged the country’s telecoms and banking sectors into crisis.
The Oct. 3 hack was a result of a security breach on a consumer finance aggregator, Pegasus Technologies, which mainly affected bank to mobile wallet transfers, according to an Oct. 8 statement by MTN Uganda, the country’s largest mobile phone company. Kampala-based Pegasus Technologies provides financial and billing solutions for various companies including all the affected entities.
At least $3.2 million is estimated to have been stolen in this latest incident with some reports quoting a much higher figure. The hackers used around 2,000 mobile SIM cards to gain access to the mobile money payment system, according to local papers. They then instructed the banks to transfer millions of dollars to telecommunication companies who then paid out mobile money to these different SIM cards across the country.
MTN Uganda and Airtel Uganda, suspended mobile money service transactions between their networks, indefinitely, following what they termed as an “unprecedented technical challenges” in a joint statement signed by their respective chief executive officers. The services are yet to be restored.
More than $20 billion worth of transactions was channeled through the mobile money system in 2019, according to Bank of Uganda, the country’s central bank. MTN alone has over 11 million subscribers and an 80% market share of mobile money transactions in the East African country.
According to MTN Uganda, only transactions via Stanbic Bank Uganda, MTN to Airtel and Sendwave, a cross-border payments service operating in six African countries including Kenya, Uganda, Tanzania, Ghana, Nigeria, Senegal, and Liberia are affected.
On Oct. 6, MTN Uganda upgraded its system according to a statement issued to customers. During the period, data, voice and mobile money services were interrupted.