KAMPALA — Two prime suspects in connection with a major hack carried out on MTN, Airtel Uganda and two banks Stanbic and Bank of Africa where billions of shillings were lost have been arrested.
Security sources say, the two suspects who are linked to Pegasus Technologies, a consumer finance aggregator based in Kampala have been grilled on the matter and are now helping the police with investigations.
Pegasus Technologies provides financial and billing solutions for various companies including all the affected entities.
Investigations show that the October 3 hack was a result of a security breach on Pegasus Technologies, which mainly affected bank to mobile wallet transfers.
At least $3.2 million is estimated to have been stolen in this latest incident with some reports quoting a much higher figure.
The hackers used around 2,000 mobile SIM cards to gain access to the mobile money payment system, according to investigators.
They then instructed the banks to transfer millions of dollars to telecommunication companies who then paid out mobile money to these different SIM cards across the country.
Various sources say Police have since allowed the affected companies including banks to carry out an audit of their accounts, which will inform the investigation of what actually happened and how much money was stolen.
A breach of the fast-growing mobile money system will be a blow to efforts to drive up financial inclusion in Uganda and other countries in the region. A majority of Ugandans have no formal bank account and rely on mobile money for its convenience. In some rural areas it is the only feasible option. Mobile money payments are used in agriculture, energy, health and education, among other sectors.