Uganda Reels From Shocking Central Bank Heist Amid Whispers Of An Inside Job
A dramatic breach has sent shockwaves through Uganda’s financial and political spheres. Hackers infiltrated the Bank of Uganda’s systems and illicitly siphoned off billions of shillings, reports in the local media say. The attack, carried out by a Southeast Asia-based group known as “Waste,” has reignited concerns over the vulnerability of Uganda’s financial infrastructure and the potential complicity of insiders.
Reports suggest the hackers targeted central bank accounts earlier this month, transferring funds to accounts in Japan and the UK. Initial estimates from the state-owned New Vision pegged the losses at UGX 62 B (equivalent to USD 17 M). However, the government has disputed this figure. State Minister for Finance Henry Musasizi told lawmakers, “It is true our accounts were hacked into but not to the extent of what is being reported.”
This cyber theft, one of the largest in Uganda’s history, has taken on international dimensions. According to Daily Monitor, UK authorities managed to freeze USD 7 M of the stolen funds, though some had already been withdrawn. Meanwhile, USD 6 M reportedly reached accounts in Japan.
Musasizi confirmed that the Bank of Uganda has recovered more than half of the stolen money. However, the exact figure remains under scrutiny, as conflicting reports from New Vision and Daily Monitor highlight discrepancies in the estimated amount. The Minister has assured parliament that an audit and investigation by the Auditor General and the Criminal Investigations Department (CID) are nearing completion, with findings expected within a month.
While Uganda grapples with the implications of the breach, whispers of insider collusion are growing louder. The Daily Monitor reported suspicions of internal involvement in facilitating the theft, a claim that, if substantiated, would compound the central bank’s challenges. Opposition MP Joel Ssenyonyi expressed alarm in parliament, saying, “It is important that we know what exactly is happening. This is our central bank.”
Cyber threats are not uncommon in Uganda’s financial sector, where cyber theft has repeatedly targeted banks and telecommunications firms. Authorities suggest that some institutions remain reluctant to publicly acknowledge these incidents, fearing reputational damage and loss of customer trust.
This heist highlights a deeper problem in Uganda’s cybersecurity posture. Financial institutions remain frequent targets of sophisticated attacks, yet many lack the robust defences needed to counter such threats. The central bank’s breach, in particular, raises uncomfortable questions about the security of Uganda’s financial infrastructure.
President Yoweri Museveni has ordered a full investigation into the attack, signalling the government’s intent to address both the breach and its aftermath. Musasizi’s promise to deliver a comprehensive report is a step toward transparency, but it may not be enough to rebuild public trust in the central bank.
Beyond the immediate recovery of funds, this incident serves as a wake-up call for Uganda’s financial institutions. A multi-pronged approach—strengthening cybersecurity, addressing insider threats, and fostering international collaboration—will be critical to safeguarding against future breaches. As investigations unfold, the government faces mounting pressure to act decisively.
