Flutterwave Faces Another Security Breach, Losing Billions in Unauthorised Transfers

🚨 Incident Details:

- Loss Amount: Approximately ₦11 billion ($7 million), with some sources suggesting up to ₦20 billion ($13.5 million).

- Date: April 2024.

- Method: Unauthorized transfers to several bank accounts over four days, with amounts kept below fraud detection limits.

Company Response:

- Flutterwave detected "unauthorized activities inconsistent with usual customer behavior."

- The company assures that "no customer funds were lost or compromised."

- The breach involved a small subset of their customer base.

Investigation:

- Law enforcement has been informed and investigations are ongoing.

- Flutterwave has requested KYC details from financial institutions to identify the involved accounts, which have been temporarily restricted.

Recurring Issue:

- This marks the fourth incident of unauthorized transfers at Flutterwave in the past fourteen months.

- Previous breaches include:

  - October 2023: ₦19 billion ($24 million) transferred across 6,000 accounts.

  - March 2023: ₦550 million transferred to 107 accounts.

  - February 2023: ₦2.9 billion diverted to 107 accounts.

Security Measures:

- The Central Bank's mandate for customers to provide BVN or NIN for account opening by March 2024 is expected to aid in identifying the account owners involved.

Impact on Fintech:

- This breach underscores the ongoing security challenges in the financial services industry.

- Flutterwave's proactive steps and collaboration with law enforcement aim to mitigate such risks and enhance security measures.

🔒 Ensuring Secure Transactions: As cyber threats evolve, fintech companies must continuously upgrade their security protocols to protect customer data and funds.

Read more on TechCabal