Safaricom #ticker:SCOM staff are among nine suspects arrested in the past two days in connection with hacking of saccos’ IT systems and theft of millions of shillings.
The Directorate of Criminal Investigations Wednesday revealed that it had arrested six more suspects, among them employees and agents of the Kenya’s biggest mobile and internet service provider.
However, it was not clear how many among the six arrested are employees of Safaricom.
“Six other people were arrested today in connection with the electronic fraud targeting Kenyan saccos among them are @SafaricomPLC staff, interns & agents,” read a tweet by DCI Kenya, the Director of Criminal Investigations official and verified handle.
The six were named as Jason Amayo, Arnold Orupia, Okello Silas, Shihundu John, Wangila Sylvanus Nyapera and Rodgers Wanyonyi.
On Tuesday, the DCI announced that three people had been arrested in Nairobi’s Dagoretti area over breach of saccos’ (savings and credit cooperative societies) IT systems.
The DCI identified the trio as Zahra Ahmed and Abdullazac Rajab who are Kenyan nationals and Ugandan citizen Patrick Emmanuel Gabantu had been taken in for questioning and were expected to face criminal charges.
Safaricom sacked 43 employees in the year to March 2018 for fraud related incidents.
The company made the disclosure in its 2018 sustainability report, saying it investigated a total of 57 cases of corruption and fraud during the period, up from 33 the previous year.
Cybersecurity consultancy firm Serianu last month warned saccos against operating IT systems without proper cybersecurity systems, saying it made them easy targets for tech-savvy “thieves”.
The firm said the Sh443 billion sacco industry risked collapse if urgent measures were not taken to address the security lapses. Serianu, which conducted a nationwide representative poll where 100 top officials of saccos participated, found that 50 per cent of saccos did not see the essence of investing in cybersecurity.
The firm’s Managing director William Makatani said allowing employees to bring in their own devices to work was the greatest threat and called for enactment of company policies that deterred use of private devices for official work.
The Cybercrime Investigation Unit said about Sh17 billion was lost to hackers in 2016, with theft of credit or debit card data and financial scams, bank salami attacks and hacking of the mobile banking systems being the greatest targets.
While many saccos have been hit, none has confessed losses, fearing a member backlash that could lead to their collapse.
Most saccos have embraced mobile applications in efforts to make it convenient for members to access savings, salaries and loans.
The apps ride on mobile money transfer services such as M-Pesa and Airtel Money.
Some saccos also have adopted USSD (Unstructured Supplementary Service Data) which sort code that is used to send text between a mobile phone and an app programme within network, which helps a client who has no access to Internet transact and this also is connected to mobile money transfers.