Egypt’s Top Fintech Suffered Hack But Maintains No Harm Done
Egypt’s top fintech Fawry has concluded an extensive examination and assessment of its cybersecurity framework, responding to earlier concerns regarding a potential breach by a ransomware group, the company has revealed.
Engaging the expertise of Group-IB, a renowned entity specializing in cybersecurity technologies and digital crime prevention, Fawry initiated an investigation after LockBit released a data sample on November 8th, claiming it was obtained during a breach of Fawry’s systems.
Fawry’s testing environment was hacked, the EGX-listed company said in an emailed statement seen by WT and communicated in a regulatory filing on Sunday, November 26, as Enterprise first reported.
A dark web post surfaced earlier this month, claiming that Fawry; considered Egypt’s leading provider of e-payments and digital finance solutions, was allegedly targeted by LockBit, a reputedly advanced global hacker group, and the fintech had its systems compromised. This assertion gained significant traction across Egyptian social media on Thursday, November 9, prompting a sequence of responses from Fawry.
“The company immediately conducted an investigation into its servers and live broadcast. Based on the tests conducted by the company, it has been found that the servers serving customers and banks have not been subjected to any breaches,” Fawry had communicated in a statement seen by WT on November 9.
“The company also confirms that no financial or banking data of customers have been leaked. Furthermore, the company asserts that it adheres to the highest standards of cybersecurity in accordance with the requirements of global regulatory authorities,” the firm had added, reiterating that there is no validity to any rumours circulating on social media pages claiming that Fawry has been subjected to attacks or information system breaches.
However, an extensive forensic examination conducted on over 2,000 servers supporting Fawry’s entire range of products and services revealed that while the production servers remained secure from any breaches, a segment of its testing environment fell victim to a cyberattack, leading to the exposure of certain customers’ personal information.
Founded in 2008, Fawry is the largest e-payment platform in Egypt enabling electronic bill payments, mobile top-ups and provisions for millions of Egyptian users. With a network of 36 member banks and 324,000 agents, Fawry processes more than 4 million transactions per day, serving an estimated customer base of 50 million users monthly, per numbers shared by the company. Thus, the company seems a prized target in an era of rising cyberattacks orchestrated by bad actors against institutions at the heart of critical infrastructure all over the world.
Group-IB’s Digital Forensics and Incident Response (DFIR) team, as of November 24, confirmed that Fawry’s crucial production segment, encompassing the live environment housing myfawry, banking applications, Acceptance, Retail, and Fawry Plus, remained unaffected by the LockBit ransomware attack and remained uncompromised.
This confirmation supports Fawry’s earlier statement on November 10, asserting the security of its live production environment and the absence of any unauthorized access to banking or card data.
Nevertheless, Group-IB’s investigation revealed that a distinct part of Fawry’s testing environment, utilized for modelling platform changes and entirely isolated from the production segment, had encountered a previous breach. This incident led to the encryption of certain files and potentially involved the unauthorized retrieval of data. Fawry maintains confidence that this data compromise will not impact financial transactions on its platform. However, it may contain personal details, such as addresses, phone numbers, and dates of birth, of some customers involved in system migration projects.
While Fawry asserts that this data breach poses no threat to financial transactions, it has encouraged concerned customers to seek guidance via its website or by contacting its customer care centre.
Group-IB further implemented its advanced monitoring solutions across Fawry’s entire server infrastructure, ensuring the elimination of LockBit’s presence from both production and testing environments by November 24. Fawry’s team executed a comprehensive eradication of observed LockBit code indicators, confirmed by Group-IB experts upon the completion of network cleanup, the company’s latest statement says.
“We are satisfied that any compromise of Fawry’s systems has been neutralised and that the professional investigation we instigated will reassure customers that all financial records and data remain secure on the company’s production servers,” Fawry Founder and CEO, Ashraf Sabry stated. “The safety and security of our customers’ assets
remain our absolute priority, and we are committed to take all necessary steps to avoid similar incidents in the
future,” he added.
