The LockBit 3.0 ransomware group successfully encrypted files belonging to Fawry, an Egyptian e-payment provider, and purportedly exfiltrated its data, triggering concerns about compromised customer information.
Public awareness of the breach emerged when LockBit showcased a sample of allegedly stolen data from Fawry’s infrastructure on its dedicated leak site on November 8. Following this revelation, cybersecurity monitoring platform Hackmanac indicated that personal details of Fawry customers had been extracted, prompting several banks to advise customers to remove their account information from Fawry’s platform.
Fawry responded to the attack, stating that the breached data would not impact financial transactions on its platform but might include personal details of certain customers involved in a system migration project on the testing platform. Addressing the nature of the leaked information, Fawry confirmed the exposure of details such as addresses, phone numbers, and dates of birth.
Upon the discovery of the breach on November 9, Group-IB commenced an investigation, deploying comprehensive cybersecurity solutions across Fawry’s server infrastructure over three days. They declared Fawry’s production and testing environments free from LockBit’s presence as of November 23.
Anurag Gurtu, CPO and co-founder of StrikeReady, praised Fawry’s proactive response to the breach by engaging a cybersecurity firm for investigation. Gurtu emphasized the need for financial services entities to evaluate the incident’s impact and implement precautionary measures to safeguard against potential data misuse.
However, Sumatra Sarkar, associate professor at the School of Management at Binghamton State University of New York, criticized Group-IB and Fawry for the limited information provided, highlighting the challenge in assessing the adequacy of the response to the incident.