FDH Bank confirms engaging criminal group ‘Shadow Kill’: Puts spit on data breach by hacktivists

FDH Bank has commented on a Nyasa Times story that hackers attacked the financial institution’s  system but the bank has put a spin that its customers data has not been compromised in any way despite admitting engaging the hactivists called ‘Shadow Kill’.

According to a statement revealed by management of FDH Bank, which is on a path to list on the 14-counter Malawi Stock Exchange (MSE) by June 2020, the bank was contacted by Shadow Kill on November 13, 2019 through an anonymous email with claims that the group had breached the FDH Bank security protocols.

Despital details seen by Nyasa Times revealed a data breach resulting in the leak of information belonging of hundreds of customers,  FDH Bank downplays it as  “random computer commands, some staff email addresses and some mobile phone numbers.”

But Nyasa Times has seen that records were exposed, revealing the names, telephone numbers, email addresses, and transactions of clients including prominent people in the society.

FDH Bank said Shadow Kill demanded the bank to pay millions of kwachas through 4 Bitcoins, warning it will release such information to the general public.

But the bank said it noted that the information shared was “historical and meaningless.”

Reads the statement: “ The information collected by a former disgruntled employee in a misguided attempt to smear the organisation. The bank nevertheless engaged the purported group in order to extract more information as part of its risk management practices.”

But Nyasa Times saw correspondence between FDH Bank Head of IT, Ganizani Phiri  and Shadow Kill which Phiri asked if the hactivists were former employees. This was not established though.

FDH Bank said the engagement with the hacktivists was deliberately drawn out  as a comprehensive assessment of the bank systems was conducted.

The statement insists that “no breach had occurred and indeed the information shared and random commands were meaningless.”

FDH Bank said the engagement with the “criminal group” was terminated and in the meantime the bank is taking further action.

The management of FDH Bank said as a pioneer digital bank in Malawi, it is expected to be a target of malicious groups “seeking easy money, fame and attention such as Shadow Kill, just as other groups have targeted organisations like Google, Faceboook and Apple in recent times.”

While maintaining that it has not been hacked, FDH Bank, commits to continue to develop exciting solutions for customers and  regards customers funds and data security as key to its digital strategy.

In 2015, FDH Financial Holdings, the parent company of FDH Bank, bought an 80 percent stake in the then Malawi Government wholly-owned Malawi Savings Bank (MSB), which included five percent for the bank’s employees.

In 2017,  FDH Bank board approved the disposal of investment in MSB Properties Holdings Limited, which owned MSB Properties Limited to FDH Money Bureau Limited.

This was part of FDH Bank reorganisation to optimise the bank’s capital structure, according to the bank.

Sharing is caring!