Read time: 3 minutes

Concern grows over KCB hacking claims

Kenya , 24 Oct 2016

Concern grows over KCB hacking claims

Kenya Commercial Bank has responded to allegations that its systems were breached and customer data exposed to third parties saying that all its systems - particularly through mobile applications - are secure.

It is alleged that a breach, thought to have occurred in September this year, exposed over 500,000 customers names and phone numbers, and there are growing concern the data may be used to engineer spoof or phishing attacks.

Chris Irakoze, a software developer in Burundi, is said to have exposed the weakness in the application in September this year, in this tweet

The alleged list of customer information is already circulating online, but no one has owned up to the hack.

KCB customers have already started to complain about receiving texts from unknown numbers and fear that it could be related with the alleged hack.

In a statement the bank called the breach claims falsehoods. "We wish to assure all our customers that our platforms and data are highly secured. KCB Group systems including the mobile App have been extensively tested and validated by our internal and the best external data security experts.

"Multiple layers of encryption, private keys and unique authentication are among the key embedded data security features that safeguard our mobile app. There is no breach to our systems."

However, the Consumer Federation of Kenya (Cofek) has requested the bank do more than just issue a statement.

"A lot more hacking of banks is taking the world banking by a scare never witnessed before. It's for this reason that KCB cannot afford to play public relations over a sensitive matter such as alleged hacking of its' systems," stated Cofek.

In the Kenya Cyber Security Report 2015, released in March this year, banks have been ranked second to governments in terms of being a target for cyber criminals.

"The banking sector comes in at a close second as a high value target to cyber criminals because they have money and due to their increasing reliance on technology and third parties to perform and enhance their management and transfer of money," the report highlights.

The financial sector is said to be unwilling to release the reports of hacks and attempted hacks which makes it difficult for prevention.

Daily newsletter