HQ/EMEAFind out how we can help your business
The Egypt-based Fawry e-payment service provider has allegedly suffered a cyberattack from the LockBit 3.0 ransomware group. Based on reports, these malicious actors have successfully encrypted critical files and exfiltrated sensitive data from Fawry’s infrastructure.
Initial findings revealed that the incident occurred on November 8 when LockBit published a sample of the stolen data on its data leak website. On the other hand, the affected entity disclosed that the ransomware attack had exposed the personal details of Fawry customers, prompting several banks to warn their clients about the potential risks associated with maintaining account information on Fawry’s platform.
Moreover, the e-payment service provider reassured everyone that the exposed information on its platform does not contain financial transactions. However, it acknowledged that specific leaked details include addresses, phone numbers, and dates of birth, raising concerns about the potential misuse of customer information.
The Fawry e-payment service provider has conducted defence operations to mitigate the impact of the LockBit ransomware attack.
The Fawry e-payment service provider has employed a third-party security vendor to address the attack. The cybersecurity provider has allegedly implemented proprietary advanced cybersecurity solutions across the company’s entire server infrastructure.
Subsequently, the third-party cybersecurity provider claimed that the production and testing environments are free from LockBit’s attacks as of November 23. The immediate action conducted by Fawry has gained commendation from the country’s officials.
One of Egypt’s government representatives emphasised the incident’s significance in an isolated part of Fawry’s network as a sign that their financial entities should assess and fortify their cybersecurity measures. Furthermore, the government urged all of their financial services sector to take precautionary measures to protect their infrastructure against potential data misuse.
However, not everyone commended Fawry’s response. An associate professor at the School of Management at Binghamton State University of New York criticised the third-party security provider and Fawry for the perceived lack of information transparency. The professor deemed the information released as “limited,” making it challenging to assess the adequacy of their response to the cyber incident.
Still, the company has dodged a bullet since the LockBit ransomware group could have taken advantage of the data breach, used it for other malicious purposes, and misused the exposed information.
