The Sacco Societies Regulatory Authority (SASRA) has issued a warning to Savings and Credit Cooperative Societies (SACCOs) regarding potential cyberattacks and security breaches during the upcoming long Easter holiday.
“Periodic analysis and intelligence monitoring reports indicate that major cyber-attacks and security breaches within the SACCO sector often occur during extended public holiday weekends. These trends show that such incidents are predominantly perpetrated in the last 12 hours before the start of these long weekends and during the late evening and early night hours over the holidays,” stated Mr. Peter Njuguna, the SASRA Chief Executive Officer, in a statement issued on Thursday, April 17th, 2025.
SACCOs have been advised to remain vigilant from April 18th to Monday, April 21st, 2025.
“All regulated SACCOs, including both deposit-taking and those involved in non-withdrawable deposit-taking, are urged to heighten, intensify, and strengthen their cybersecurity monitoring and surveillance of management information systems (MIS), digital financial delivery channels, and other ICT infrastructures used to provide financial services to members. This is crucial to detect and prevent potential cyber-attacks or breaches during the Easter holidays,” Mr. Njuguna emphasized.
He also highlighted that SACCOs that have outsourced or rely on third-party systems for member access to electronic service delivery channels should exercise extra caution.
SACCOs have been advised to remain vigilant from April 18th to Monday, April 21st, 2025. SACCO members are encouraged to stay alert for unusual funds transfers originating from third-party financial institutions into SACCO paybills, mobile wallets, or other digital accounts.
Furthermore, regulated SACCOs and their third-party system vendors and integrators must implement 24/7 internal control measures to detect and prevent insider threats, such as employees colluding with external parties to execute cyber-attacks and breaches.
SASRA advises that special attention should be directed towards the electronic and digital accessibility of members’ Front Office Service Activity (FOSA) savings accounts. Caution should also be taken regarding requests to link FOSA savings accounts to mobile phone numbers. Additionally, any activities related to the electronic or digital linking of mobile phone numbers to funds in mobile money paybills or other settlement accounts should be approached with care.
SACCO members are encouraged to stay alert for unusual funds transfers originating from third-party financial institutions into SACCO paybills, mobile wallets, or other digital accounts.
