Cybersecurity

Flutterwave hit by ₦11 billion cybersecurity breach, claims customer funds not affected


African financial technology leader Flutterwave has suffered a fresh security breach, just a month after obtaining a court order to recover $24 million lost to unauthorized point-of-sale (POS) transactions.

This time, the breach allowed unknown perpetrators to siphon off billions of naira into various bank accounts in April 2024, marking the fourth such incident reported within fourteen months.

Insider report suggests an estimated ₦11 billion ($7 million) was transferred to accounts across five financial institutions over four days. Meanwhile, a second insider puts the amount involved was at least ₦20 billion ($13.5 million).

The incident which has been confirmed by the fintech in a media statement likely went undetected because the perpetrators ensured the deposits remained below limits that would trigger fraud checks.

Meanwhile, Flutterwave maintains that “no customer funds or data were compromised in the breach. 

Authorities have been alerted, with investigations already underway. Flutterwave has also taken proactive measures, reaching out to financial institutions to obtain Know Your Customer (KYC) details of the implicated accounts, subsequently imposing temporary restrictions on them.

These security breaches are not new to Flutterwave. In February 2023, hackers transferred over ₦2.9 billion from Flutterwave accounts. In March 2023, another ₦550 million was diverted to 107 accounts across 27 banks. In October 2023, an unauthorised POS transaction led to ₦19 billion ($24 million) being transferred to 6,000 accounts across 35 banks.

The frequency and nature of these breaches raise serious questions about Flutterwave’s security infrastructure and internal protocols as it looks forward to an IPO.  

Flutterwave is getting ready for its IPO

Following a tumultuous year marked by several media controversies, Africa’s largest startup by market value, Flutterwave appears to be resuming its preparations for an initial public offering (IPO), according to a Bloomberg report, citing its CEO. But despite facing fraud allegations, alleged security breaches, and a seemingly unfavourable IPO landscape



Source

Related Articles

Back to top button