Fawry, Egypt's leading electronic payment network, crashed on Thursday, leading to widespread advisories warning users to immediately delete bank accounts details from the app.
Initial reports from customers indicated that random payments had been taken from their accounts, leading to speculation that the network was hacked.
Threat intelligence platform Falcon Feed reported a cyberattack that led to users' data being compromised.
In response, the Arab African International Bank confirmed that Fawry was under a cyber attack, with personal identification information (PII) of customers potentially exposed.
Immediate action was taken to block access, but the activity presents a significant threat to the security of customer data, the bank said.
The bank urged its employees to remove any cards registered on Fawry from the system and to closely monitor their transactions for potential issues in the coming weeks.
However, Fawry issued a formal statement denying any cyber breaches within Egypt, instead emphasising the efficiency and security of its electronic defences across all platforms and services.
Fawry's statement came as many customers faced issues accessing the website, which displayed server error messages, and were unable to reach their accounts on the mobile application.
The statement from Fawry said: “The company denies any rumours some have spread on social media about being subject to an attack or breach of its information system.”
“The company immediately investigated its servers live and based on the tests performed, it was determined that the servers serving customers and banks were not compromised.
“The company also assures that no financial or banking data of customers have been leaked and that it applies the highest cybersecurity standards according to the requirements of global regulatory bodies.”
Cyberattack confirmed by security site
Hackmanac, a specialised cybersecurity site, confirmed a ransomware attack against Fawry by the LockBit 3.0 gang, part of 25 similar assaults impacting companies globally today.
Hackmanac sources its data from the deep or dark web, the virtual space where cybersecurity attack data is traded. The site rated the attacks on Fawry as 5 out of 5 in terms of severity, with the scale starting from 1 to 5.
The gang has set a deadline of November 28 for Fawry to meet its ransom demands before it proceeds to publish the acquired data on the dark web.
A source from Fawry said that all data is fully encrypted and secured, hinting that the incident might be an attempt to merely disrupt the server operations rather than a full-scale data breach.