Equity Bank has turned to the Banking Fraud Unit for assistance after discovering that hackers siphoned off Sh179 million from 155 accounts within the span of a week.
The bank's risk department noticed a surge in transactions from its Incoming MasterCard GL and alerted authorities after more than Sh100 million had already been siphoned out of the system, including transfers to M-Pesa and accounts in 11 other commercial banks.
Gerald Munyiri, Equity's general manager for security and investigations, revealed in a letter that the cyber attack occurred between April 9 and 15, during which fraudulent transactions totaling Sh179.6 million were executed from the bank's GL to 551 accounts. Additionally, Sh63 million was channeled to Safaricom M-Pesa and Sh39 million to various commercial banks.
Efforts are underway to trace and recover the missing funds, with collaboration between the police, the bank, Safaricom, and the affected banks. Equity Bank has secured a lien of Sh60.7 million on the 551 accounts involved in the theft.
The bank has enlisted Safaricom's assistance in tracking down the whereabouts of the remaining missing Sh100 million.
This cyber theft underscores the urgent need for enhanced cybersecurity measures in financial institutions. Last week, the National Assembly passed the Computer Misuse and Cybercrime Regulations, empowering security agencies to regulate activities in cyberspace and combat fraud effectively.
Key provisions of these regulations include safeguarding critical information infrastructure, establishing cybersecurity operations centers, and addressing various cybercrimes such as fraud, identity theft, and hacking. Additionally, capacity building initiatives aim to bolster cybersecurity preparedness across public and private sectors.