- A staggering $16.2 million from the Bank of Uganda (BoU) was wired into suspect accounts in Japan, audit shows.
- Uganda’s Auditor-General fingers systemic flaws and possible criminal intent in the November 2024 cyber heist.
- Parliament has now forwarded the file for further investigantion by Uganda’s Directorate of Criminal Investigations (CID).
In a high-stakes digital heist, hackers infiltrated Uganda’s treasury systems, siphoning off a staggering $16.2 million (approximately USh60 billion) from the Bank of Uganda (BoU). The theft, first reported in November 2024, sent shockwaves across the country, prompting a forensic audit by the Auditor-General.
The findings of this audit have since ignited intense investigations by the Directorate of Criminal Investigations (CID), laying bare the vulnerability of Uganda’s financial systems.
Auditor-General report on $16.2 million cyber theft
The explosive revelations landed in Parliament on January 9, 2025, where Government Chief Whip Denis Hamison Obua presented the Auditor-General’s report. The report painted a grim picture of systemic flaws and alleged criminal intent in the management of public funds.
Speaker of Parliament Anita Among, after consulting with President Yoweri Museveni, directed the report to the CID for a deeper investigation.
“Looking at the ingredients of the report, they are criminal in nature. Because of their criminality, we will direct this report to the CID for further management,” said Among, underscoring the gravity of the situation.
However, not all lawmakers agreed with this approach. Ndorwa County East MP Wilfred Niwagaba and Tororo North County MP Geofrey Ekanya urged that parliamentary committees scrutinize the report before it was handed over to the CID. Their appeals, however, were overruled by the Speaker, who cited need for urgency in the looming criminal investigation.
How the cyber heist unfolded
The seeds of this crisis were sown in November 2024 when media outlets broke the story of hackers breaching BoU’s treasury system. These cybercriminals managed to orchestrate fraudulent transactions, with two debt servicing payments allegedly funneled to incorrect beneficiaries in far flung Japan.
BoU Deputy Governor Michael Atingi-Ego later disclosed to the Committee on Commissions, Statutory Authorities, and State Enterprises (COSASE) that these erroneous payments were the result of a faulty directive from the Ministry of Finance, Planning, and Economic Development.
He also revealed that $8.2 million of the stolen funds had been recovered, offering a glimmer of hope in an otherwise hopeless scenario.
Government downplays the damage
In a bid to contain the fallout, State Minister for Finance Henry Musasizi addressed Parliament, admitting that the central bank accounts had indeed been hacked. However, he contested the reported figure, claiming the amount stolen was less than $16.2 million.
Despite these assurances, public confidence in the government’s ability to safeguard national resources has taken a significant hit.
The theft has triggered widespread calls for accountability, with critics questioning the integrity of Uganda’s financial systems and the effectiveness of its cybersecurity measures. Opposition Leader Joel Ssenyonyi, whose initial concerns prompted the forensic audit, has called for greater transparency and stricter oversight of the central bank.
“This is a wake-up call for all of us,” Ssenyonyi stated. “We cannot afford to have such glaring vulnerabilities in our financial systems. The government must ensure that those responsible for this debacle are held accountable.”
Uganda’s cybersecurity measures in the spotlight
The BoU heist has highlighted the growing threat of cybercrime in an increasingly digital world. Experts warn that Uganda, like many developing countries, faces significant challenges in combating sophisticated cyberattacks. The incident serves as a stark reminder of the need for robust cybersecurity infrastructure and proactive risk management strategies.
As the CID takes over the investigations, the public expects not just the culprits behind the heist but also an inside view about the systemic lapses that made such a brazen act possible. Lawmakers and citizens alike are demanding justice and reforms to prevent similar incidents in the future.
For the BoU, the heist is a wake-up call to reassess its internal controls and cybersecurity measures. The central bank’s ability to recover part of the stolen funds is commendable, but it is clear that more needs to be done to restore public trust.
The theft of $16 million from Uganda’s treasury is more than just a financial scandal; Uganda must fortify its defenses against the ever-evolving threat of cybercrime.
Read also: Uganda and Tanzania erupt in protests over $10Bn oil pipeline deal
