Fawry confirms ransomware breach but says financial information not compromised

The FinTech this month contracted a cyber security firm, whose investigation found a breach on an isolated part of its network

A Fawry payment point at the Gezira Sporting Club in Zamalek, Cairo. Nada El Sawy / The National

An investigation conducted by Egyptian FinTech Fawry has confirmed recent claims that its network was breached by the cyber criminal group LockBit, and found that no financial information was stolen, the company said on Sunday.

Egypt's leading electronic payments network crashed this month, leading to widespread advisories warning users to immediately delete bank account details from the app.

The investigation found that no financial information was stolen because the attack was carried out in an isolated part of Fawry’s network, the company said in a statement.

However, personal details of some customers were extracted, including contact information such as addresses and phone numbers, in addition to dates of birth, it said.

Initial reports from customers indicated that random payments had been made from their accounts, leading to speculation that the network was hacked.

However, the company denied all claims of a ransomware breach at the time.

Fawry's live production environment, the main part of its network that hosts the entirety of its various financial services, was not affected by the breach, it said.

It contracted Group-IB, a cyber security firm, to investigate the matter after LockBit published segments of data it alleged were stolen from Fawry.

The part of the company’s infrastructure that was breached was a “testing environment” used to model and test changes to the main platform before they go live, Fawry said.

The company insisted none of the stolen data posed a security risk to customers.

Though initially denied by Fawry, the attack was confirmed by a number of international hacking monitors, including Falcon Feed and Hackmanac.

The Arab African International Bank also confirmed on November 8 that Fawry was under a cyber attack, with personal identification information of customers potentially exposed.

Immediate action was taken to block access but the activity presents a significant threat to the security of customer data, the bank said at the time.

It urged its employees to remove from the system any cards registered on Fawry and to closely monitor their transactions for potential issues in the following weeks.

Updated: November 26, 2023, 11:37 AM