Egyptian fintech Fawry denies breach even though listed on Lockbit gang breach site

On Thursday, 9th of November Fawry, a major electronic payment network in Egypt, experienced a system crash. Customers reported unexplained transactions, fueling suspicions of a network breach. Numerous customers encountered difficulties accessing Fawry's website, which showed server errors, and found themselves locked out of the mobile app.

It wass suspected that the crash is a result of a cyberattack compromising user data. Subsequently, the Arab African International Bank acknowledged the cyberattack on Fawry, highlighting the risk of customer personal identification information (PII) being leaked. The bank advised its staff and customers to remove any bank cards from the Fawry app and to monitor their financial activities for anomalies in the following weeks.

Fawry is contesting the claims of a cybersecurity breach and refuted social media rumors about a data system attack or compromise. Fawry claims that  immediate server review and tests affirmed the integrity of their systems serving customers and banks. Fawry reassured its customers that their financial and banking details remain secure.

Nonetheless, security researchers have confirmed that Fawry was indeed the target of a ransomware attack by the LockBit 3.0 syndicate. The hacker group has listed Fawry on their leak site and has given Fawry until November 28 to meet their ransom demands or face the public disclosure of the stolen data on the dark web.

It's still unclear whether LockBit has actually stolen readable data or encrypted files, and whether the threat is credible. It's however a fact that Fawry was attacked. What's in dispute is the impact severity.

Update - on 25th of November Fawry confirmed a breach by LockBit but reported no financial data was stolen, although customer personal details were compromised. The attack was isolated to a testing part of their network, leaving Fawry's primary financial services intact