Safaricom has reportedly stopped an attempt to compromise the M-Pesa platform and steal customers M-Pesa funds.
The Kenyan mobile operator says that their risk management unit detected the attempt and immediately escalated the incident to security agencies.
“Safaricom maintains a state-of-the-art information security system which easily triggers an alarm if a breach is detected. This matter is being treated with the seriousness it deserves with the suspects due to be arraigned in court. I wish to assure our customers that all their data is safe and we have no evidence of any money being removed from the system,” said Bob Collymore, CEO of Safaricom in a statement.
According to Safaricom, the method used by the cyber criminals was SIM swapping, giving the criminals access to a customer’s card. In one reported case, the cyber criminals managed to access KSh 266,000 from one customer, which has since been refunded following the detection of the breach.
Safaricom holds the ISO 27001 Information Security Management System certification, meaning that the company adheres and has implemented appropriate processes and controls relating to mobile data, mobile money services, cloud services, billing and customer support services.