Uganda confirms cyberattack on central bank but minimizes extent of breach

Ugandan officials confirmed on Thursday that the country’s central bank system was hacked by financially-motivated cybercriminals .

The statement from Uganda’s Minister of State for Finance, Henry Musasizi, followed several media reports claiming that a Southeast Asian hacker group breached the Bank of Uganda’s accounts and stole as much as $17 million.

Musasizi acknowledged that the Bank of Uganda had suffered a cyber incident, which likely occurred two weeks ago, but he did not confirm the reported amount of stolen funds.

“It is true that our account was hacked, but not to the extent of what is being reported,” Musasizi told parliament, urging lawmakers to be patient and wait for the completion of the audit and investigation “to avoid misrepresentation of facts.” According to Musasizi, a report on the incident is expected to be ready in about a month.

Uganda’s Daily Monitor newspaper earlier reported that the hackers deposited stolen funds into accounts in Japan and the U.K. British authorities have allegedly frozen about $7 million, although some of the money had already been withdrawn. 

Several Ugandan officials expressed concerns about the cyberattack and asked the finance ministry for explanations.

“It’s important that we know what is happening at the Central Bank. If money is being siphoned, whether by hackers or staff of the Bank of Uganda, it should worry all of us,” opposition leader Joel Ssenyonyi told parliament on Thursday.

“Nearly every two months, you hear about a heist at a commercial bank,” Ssenyonyi added, noting that it is even more alarming when the central bank is involved.