9 Officials Detained Over Massive Hack of Uganda Central Bank Systems

• Ugandan Police arrested nine officials believed to have orchestrated a Central Bank hack.
• The detained individuals include a senior Treasury Department official and officers from the Accountant General’s office.
• Each individual’s role in the massive Bank of Uganda data breach is yet to be discovered.

Nine finance ministry officials have been detained by the Ugandan police amid an ongoing investigation into the Bank of Uganda's (BOU) IT systems breach that resulted in the theft of 62 billion Ugandan shillings (approximately $16.87 million).  

Last November, Uganda's State Minister for Finance, Henry Musasizi, confirmed reports that the central bank’s accounts had been breached. Hackers reportedly gained unauthorized access to the IT systems of the Bank of Uganda and illicitly transferred the funds, as per a Reuters report.

According to the state-owned New Vision newspaper, the attackers identified themselves as "Waste."  

The Criminal Investigations Department (CID), in collaboration with Defence Intelligence and Security (DIS), formerly Chieftaincy of Military Intelligence (CMI), has been interrogating various individuals from BOU, the Ministry of Finance, and the Accountant General.

This led to the detention of nine ministry officials behind a fake payment of a purported contractor who instructed BOU to disburse the money, including a senior official from the Treasury Department and officers from the accountant general’s office. 

Though the Finance Ministry’s statement on its X account did not disclose names or specific details, police spokesperson Kituuma Rusoke revealed the identities of all nine detainees during an interview with NTV television.

The arrested are Accountant General Lawerence Semakula, Jennifer Muhurizi, Mubarak Nansamba, Paul Lumala, Mark Kasuku, Judith Asaba, Deborah Kusiima, Tonny Yawe, and Priscilla Nayebare.

The official response has prompted calls for stronger governance and improved IT defenses across Uganda’s financial ecosystem. The central bank and finance ministry have yet to issue further public comments regarding the recovery of the stolen funds or additional measures to secure electronic systems from future attacks.   

The investigation is ongoing, and the outlook for recovering the stolen funds remains uncertain. 

As of now, the nine detained officials and the alleged perpetrators have not been reached for comment. Authorities continue to probe the complexity of the hack and the involvement of any internal or external collusion that could have facilitated such an egregious breach.

In other news, the WikiLeaksV2 group claimed a Parish Attorney’s Office of East Baton Rouge data breach, and India’s Ministry of New and Renewable Energy (MNRE) was reportedly the victim of a cyberattack.