Nairobi News

GeneralHashtagHustleMust ReadNewsWhat's Hot

How hackers stole Sh179 million from Equity Bank in seven days


Equity Bank has sought help from the Banking Fraud Unit after a group of hackers stole Sh179 million from 155 accounts at the bank in seven days.

In a letter to the unit seen by Nairobi News, the bank’s risk department said it had detected a spike in transactions from the bank’s Incoming MasterCard GL.

It was detected by Equity Bank’s risk department on Monday morning after more than Sh100 million had already left the bank’s system through M-Pesa and accounts belonging to 11 other commercial banks.

According to a letter, the attack took place between April 9 and 15, when the bank detected an abnormally high movement of cash from certain accounts.

“In the early hours of 15 April, the bank’s risk department detected an increase in transactions originating from the bank’s inbound Mastercard GL,” said Gerald Munyiri, Equity’s general manager for security and investigations, in the letter.

“Preliminary investigations revealed that Sh179.6 million was fraudulently disbursed from the GL to Equity Bank’s 551 accounts during the period. In addition, investigations revealed that Sh63 million was sent to Safaricom M-Pesa and Sh39 million to 11 commercial banks.”

Investigations also revealed that Sh63 million was sent to Safaricom M-Pesa and Sh39 million to 11 commercial banks. The police and the bank are working with Safaricom and the respective banks to trace the movement and secure the funds while the suspects are sought.

Meanwhile, Equity has obtained a lien of Sh60.7 million on the 551 accounts.

Equity has since contacted Safaricom to assist in tracing the whereabouts of the missing Sh100 million.

According to the central bank, bank card fraud occurs in a number of ways, including phishing, where fraudsters send an email or text message that appears to be from your bank or a reputable financial institution.

“They use various tactics to trick you into revealing confidential information such as your PIN, account number, login details and passwords,” the CBK says on its website.

Last week, the National Assembly passed the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, giving security agencies more powers to regulate activities in cyberspace to curb fraud.

The regulations, known as Legal Notice No. 44 of 2024, were drafted by the National Computer and Cybercrimes Coordination Committee (NC4) to operationalise the Computer Misuse and Cybercrimes Act, 2018.

Key aspects of the CMCA regulations include measures to protect critical information infrastructure that supports critical economic sectors, including telecommunications, banking, transport and energy; management of cybersecurity operations through cybersecurity operations centres; and management of cybercrimes.

The regulations propose the establishment of a National Cybersecurity Operations Centre to improve coordination and information sharing among stakeholders.

The regulations also specify how to deal with issues such as fraud, identity theft, hacking and cybercrime, and address cybercrime capacity and capability building for the public, businesses, government institutions and private entities to improve their cybersecurity preparedness and prioritise cybersecurity.