Flutterwave hit by ₦11 billion cybersecurity breach, claims customer funds not affected
The frequency and nature of these breaches raise serious questions about Flutterwave's security infrastructure and internal protocols as it looks forward to an IPO.
African financial technology leader Flutterwave has suffered a fresh security breach, just a month after obtaining a court order to recover $24 million lost to unauthorized point-of-sale (POS) transactions.
This time, the breach allowed unknown perpetrators to siphon off billions of naira into various bank accounts in April 2024, marking the fourth such incident reported within fourteen months.
Insider report suggests an estimated ₦11 billion ($7 million) was transferred to accounts across five financial institutions over four days. Meanwhile, a second insider puts the amount involved was at least ₦20 billion ($13.5 million).
The incident which has been confirmed by the fintech in a media statement likely went undetected because the perpetrators ensured the deposits remained below limits that would trigger fraud checks.
Meanwhile, Flutterwave maintains that "no customer funds or data were compromised in the breach.
Authorities have been alerted, with investigations already underway. Flutterwave has also taken proactive measures, reaching out to financial institutions to obtain Know Your Customer (KYC) details of the implicated accounts, subsequently imposing temporary restrictions on them.
These security breaches are not new to Flutterwave. In February 2023, hackers transferred over ₦2.9 billion from Flutterwave accounts. In March 2023, another ₦550 million was diverted to 107 accounts across 27 banks. In October 2023, an unauthorised POS transaction led to ₦19 billion ($24 million) being transferred to 6,000 accounts across 35 banks.
The frequency and nature of these breaches raise serious questions about Flutterwave's security infrastructure and internal protocols as it looks forward to an IPO.
Emmanuel Oyedeji
