This week cybercriminals hacked into a mobile digital payment system in Uganda. The hackers attacked a third-party payment technology company. The company is responsible for processing mobile money transactions for two telecoms firms, including a unit of South Africa’s MTN group MTNJ.J.
Cyber Criminals Attack Pegasus
Unauthorized individuals hacked into the aggregation system of Pegasus Technologies Ltd. Pegasus processes mobile money transactions for telecoms such as MTN and Airtel and even banks. The company is an aggregator for inter mobile money services. Pegasus thus links mobile money services for companies such as MTN and Airtel. Furthermore, the technology company also provides financial assistance for banks such as Stanbic Bank in their mobile banking platform, FlexiPay.
Mobile Money Millions
Mobile money is a service that allows subscribers to transfer and receive money. Additionally, the service is a cellphone enabled and allows users to pay for food orders, a cab ride, and even utility bills. In Africa, the mobile money system has developed rapidly over the years. According to Uganda’s Central Bank, a total of 73 trillion Uganda shillings worth of transactions passed through the mobile money system in 2019 alone. In a year, mobile transactions are worth more than $7bn in Uganda.
When hackers attacked Pegasus’s network, they made away with billions of shillings. Additionally, the hack was believed to involve many other companies with Pegasus as their mobile money services link. Furthermore, it was thought that the hack extended even beyond telecoms and banks. The hack affected even utility payment systems that use Pegasus Technologies as a transaction aggregator.
MTN and Airtel
Uganda” s largest telecom operators are MTN and Airtel, a unit of India’s Bharti Artel BRTI.NS. MTN, Airtel, and Stanbic Bank companies informed their customers that they had to suspend some mobile money transactions in a joint statement. In their report, they added that a third-party service provider experienced a systems incident. The incident they stated impacted all banks to mobile money or wallet services. However, the three companies said that the system’s incident had not affected any bank balances or mobile money account balances.
Cyber Criminals not caught yet
Since the hack occurred, all wallet services or banks to mobile money services have remained temporarily suspended. The decision to suspend services has affected more than 20 million people that utilize mobile payment platforms. Investigators have been summoned to try and figure out what exactly happened and who exactly is responsible. To allow thorough investigations, mobile digital payment systems run by the telecoms could be out of commission for a month. Additionally, because owners of mobile devices use money transfers to pay for data, internet use in Uganda has also been disrupted.
Uganda’s spokesman for the police’s Criminal Investigation Department (CIID), Charles Twiine, reported that they were investigating the allegations that Pegasus was hacked into by unauthorized people. The spokesman added that the CIID would work tirelessly to figure out whether there was a loss of any money, how the loss was occasioned, and who the perpetrators were.
No details have been provided concerning the hackers, but it is believed that they operate from Eastern Europe.