KCB Group (Kenya Commercial Bank) recently suffered a technical incident which allowed customers to withdraw $7.7 million beyond authorized limits. This problem, which occurred between October 11 and 31 during a data migration, reveals the vulnerabilities of the bank’s IT infrastructure, in the midst of a transition to the cloud to modernize its systems.
This malfunction is believed to be linked to a synchronization problem that occurred during the transfer of databases to a colocation center, giving customers access beyond the usual limits for KCB-MPESA savings accounts. In response, KCB took steps to restrict access to affected accounts and reminded affected customers. The bank is also considering using collection agencies to recover lost funds.
→ ALSO READ: PPRODAC file: How the big guy fell between the cracks of the DIC
Although the incident sparked intense controversy, KCB management chose not to comment publicly, despite several crisis meetings to discuss ways to recover the funds and limit the impact on the bank’s reputation. These types of incidents reinforce distrust of the banking sector in Kenya, often targeted by fraud and cyberattacks, with around $130 million stolen each year.
This scourge, accentuated by practices such as corruption, fraud and illicit financing, now affects several African countries. At the start of 2024, the Commercial Bank of Ethiopia (CBE) also faced a similar incident, with unauthorized withdrawals amounting to €37 million. The bank then demanded repayment and threatened legal action. More recently, the Central Bank of Nigeria discovered several anomalies after several banks migrated to a new centralized banking system, and the government has since required prior authorization for any future transition to this type of system.
→ ALSO READ: Management of public funds: A scandal worth 427 billion FCFA has just been revealed
→ ALSO READ: Guinea-Bissau: Umaro Sissoco Embalo postpones the date of legislative elections
