Skip to main content

Transnational Bank Hacked: A Tale of Negligence

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 6 August 2020.

Transnational Bank Hacked: A Tale of Negligence

Published on August 6, 2020, a hacking incident at Transnational Bank, fully owned by Nigerian lender Access Bank, exposed the bank's IT systems to significant risks. The hackers, who held the systems hostage, demanded an unspecified ransom, threatening to post sensitive data online if their demands were not met.

According to an audit report prepared by Ernst & Young LLP, the bank's ICT system was plagued by several weaknesses, including inadequate password and security settings, inappropriate access to IT administrator roles, and lack of role monitoring of users and user activity. These vulnerabilities made it easy for hackers to gain access to the system and exploit its weaknesses.

The audit report, dated December 31, 2019, highlighted several key findings, including:

  • inadequate password and security settings, which did not meet minimum complexity requirements;
  • inappropriate access to IT administrator roles, allowing business users to create new users and override controls within the application;
  • lack of role monitoring of users and user activity, posing a risk of unidentified application access violations and inappropriate transactions;
  • system issues with reset accounts on the Chequepoint Truncation System, allowing users to intentionally or unintentionally interfere with financial information;
  • weak access control of the server room, including combustible materials and lack of automatic fire suppression systems.

The hacking incident and the subsequent audit report raise concerns about the security and integrity of Transnational Bank's IT systems. The bank's acquisition by Access Bank in January 2020 did not address these weaknesses, leaving the bank vulnerable to similar attacks in the future.

It is essential for the bank to come forward and inform its clients about the hacking incident and the measures it is taking to address the weaknesses identified in the audit report.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →