A technical glitch during a critical data migration allowed customers of KCB Group, Kenya’s largest bank, to withdraw more money than they had in their bank balances. Ten people familiar with the matter told TechCabal that customers withdrew about $7.7 million (KES 1 billion) between Oct. 11 and 31.
The people said the bank froze the accounts of customers who overdrawn their accounts and notified them. The bank is also open to using loan recovery companies. The bank tried to consolidate its cloud database after migrating it from on-premise to a colocation centre, but the sync failed.
“After the server move, account balances on the back end were not updated in real-time. So customers were able to over-withdraw their accounts,” said a person familiar with the matter.
Hardest hit was the KCB M-Pesa Target Savings Account, which allows customers to take out short-term loans and save. “People were able to withdraw up to three times the amount of their savings,” said one of the people with direct knowledge of the account.
The technical disruptions, which lasted more than three weeks, highlighted the bank’s difficulties in modernizing its IT infrastructure.
According to a high-priority message sent to KCB staff at the height of the crisis, they were sometimes “unable to access affected systems,” resulting in hours of disruption or complete outages.
KCB Group declined to comment. At a crisis meeting on October 12, top executives discussed how to address the problem and recover lost funds. The bank has held similar meetings since then.
Cybercrime in Kenya
Fraud is a serious problem in Kenya’s financial services sector. Banks are losing about $130 million a year, according to credit reporting agency TransUnion Africa.
Most bank fraud cases go unreported as lenders quietly settle the cases with the knowledge of the Central Bank of Kenya (CBK) and other financial sector regulators. The Financial Reporting Centre of Kenya (FRC), an agency that tracks financial institutions’ money flows, reported more than $600 million in fraud linked to card fraud, corruption and terrorism in 2023.
