Kenya’s National Bank Loses Millions to Hackers as Bank Downplays Event

6
National Bank of Kenya

It appears that cyber security concerns are not going away, at least not in the near future if happenings in the digital world are anything to go by. The latest manifestations of such an intrusion has affected a local financial institution, namely the National Bank of Kenya (NBK).

In a statement sent out by the institution a few moments ago, the bank admits it lost a substantial amount of money to fraud.

“We confirm that there was an attempted fraud in normal course of business on 17th January but the bank’s monitoring and security resources frustrated the attempt.



“The amount of attempted fraud is about KES 29 million and we are confident we will recover most of that money. Security are in pursuit of the fraudsters and investigations are ongoing. Customer account have not been affected and the latest social media speculation on the potential loss is incorrect,” reads a statement from the bank.

First and foremost, the loss of KES 29 M is substantial to say the least. While we do not have facts at hand, there is no way we can ascertain if that figure is true or otherwise because it has been established before that such institutions downplay losses to win the trust of their customers, else a panic ensues and clients move to competitors.

The second issue regarding the statement is based on the assurance that customer accounts have not been affected, which is as absurd as it sounds. While the bank’s security resources may have thwarted the theft, it is apparent that the money that slipped away came from one or multiple of the bank’s account holders.


This takes us to the third aspect of the statement, which is vagueness. Other than the amount lost, the bank has not given clear details of what transpired during the breach (that occurred yesterday), and word has it that a loophole was found in the process of transferring cash from the bank to M-PESA, which is why the service has been suspended for the time being.

For the moment, the details of the cyber crime are scanty at best. This also marks a time that emphasizes on cyber security concerns, with several global and local IT companies predicting that intrusions will be worse.

6 COMMENTS


  1. But how does a whole bank like NBK ignore having an SSL certificate? That’s basically flirting with hackers, especially when you are offering online banking services that involve private details like I.D, passport details and full names. What’s worse is that NBK is not the only major bank in Kenya that flaunts simple web security like data encryption. If you check Equity Bank, you will notice that they are still on HTTP. I’m not a hacker, but I won’t be shocked if they are next on the headlines, even CBA group. Plus as SSL goes for only KES 1,500!


    • I believe there is even to SSL, frequent security tests might be able to address some of the common security flaws. In my opinion Kenyan organizations have not done the least to protect their assets and intellectual property from malicious attackers

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.