Nigerian fintech Flutterwave loses 11 billion Nigerian Naira due to security breach

Flutterwave, a fintech company based in Lagos, Nigeria is reporting a security breach resulting in the diversion of ₦11  billion Nigerian Naira (approximately $7 million US) to various bank accounts. The incident occurred just a month after Flutterwave secured a court order to recover $24 US million lost due to unauthorized POS transactions, as reported by TechCabal.

The incident ocurred in April 2024 and included unauthorized transfers to multiple accounts across five financial institutions over four days, with deposits kept below fraud detection thresholds. The breach has been reported to law enforcement, and investigations are ongoing. Flutterwave has reached out to the involved financial institutions to request KYC details of the accounts implicated in the breach.

Flutterwave emphasized that no customer funds were lost or compromised, and customer data confidentiality is not compromised.

The details of the attack specific data types exposed in this breach are not disclosed. However, given the nature of the unauthorized transactions, it likely included sensitive financial information necessary for conducting the transfers.

Flutterwave is no stranger to incidents. Previously, in February 2023 hackers transferred over ₦2.9 billion from Flutterwave accounts and in October 2023 Unauthorized transactions by POS merchants led to the illegal transfer of ₦19 billion ($24 million) to about 6,000 accounts across 35 banks and financial institutions.

One wonders how Flutterwave still operates.