Equity Bank, a leading financial institution in Kenya, has been the victim of a significant cyber heist, resulting in a loss of approximately KES 282 million ($2.1 million). According to a detailed report by the African news platform TechCabal, the heist was orchestrated by an insider, a bank staff member collaborating with external accomplices. TechCabal also reported that the heist involved a “card-not-present” scam using stolen card details.
Malware and Insider Collusion
Investigations into the heist revealed that the implicated bank employee installed malware within the bank’s core system, enabling the illicit transfer of funds without detection. The breach occurred over a period from April 9 to April 15, during which the funds were dispersed across more than 500 bank accounts and mobile wallets before the unusual activity was identified.
An anonymous detective informed TechCabal about the mechanics of the theft, stating, “It’s an Equity Bank staff transferring money from accounts to several bank accounts and M-Pesa lines.” The discovery has prompted some recipients to refund the money, although investigations are still ongoing to track the full scope of the fraud.
The Mechanics of the Cyber Heist
Further details reported by TechCabal shed light on how the heist was executed. It involved a “card-not-present” scam, a type of fraud where perpetrators do not require physical possession of a bank card to siphon funds. Instead, they utilized stolen card details to make transactions on fake websites designed to capture victim payments, subsequently redirecting these funds into other accounts controlled by the scammers.
To date, Kenyan authorities have arrested 59 individuals in connection with the heist, although some have been released on bail. The Directorate of Criminal Investigations in Kenya is actively pursuing additional suspects and focusing efforts on recovering the stolen funds.
Lack of Response and Broader Implications
Despite the severity of the incident, both Equity Bank and the Central Bank of Kenya have remained silent, raising concerns about the impact of this heist on the broader financial sector in Kenya. Such events underscore the vulnerability of financial institutions to insider threats and highlight the critical need for enhanced security measures.