Following a brazen system breach that manipulated the agency banking platform to leading it to make double transactions to bank agents requesting float, CEO East Africa Magazine understands the system has since been stabilised and focus is now on identifying what went wrong — and whether this was the result of simple negligence or a deliberately orchestrated fraudulent scheme. Strong suggestions now point to the latter, with investigators treating the case as a possible inside job.
In an additional statement issued on Thursday, September 18th, 2025, Sandra Apio, the Brand & Communications Manager, said:
“We reaffirm that all our banking services are functioning normally and customer funds and accounts are fully protected and secure. We would like to reassure our stakeholders and esteemed customers that our core systems remain secure and stable.”
Behind the Glitch
Sources familiar with the matter told CEO East Africa Magazine that the anomaly was triggered during end-of-day updates to the disaster recovery (DR) server — a routine process of backing up current data and configurations to a separate, offsite location. Ordinarily, when these updates are performed, the DR server should remain offline and not connect to the active production environment.
In this case, however, the DR server reportedly came online and ran in parallel with the main system. This created a scenario where two systems were processing the same transactions simultaneously, resulting in double-processed withdrawals and transfers that gave agents more cash than requested. Investigators are now probing whether this was due to negligence, malicious intent, or deliberate collusion.
Criminal Element Suspected
While initial accounts suggested a technical malfunction, insiders now believe there was a criminal element, given the speed and coordination of the withdrawals.
According to sources, the Disaster Recovery server was deliberately activated on Monday evening during the routine end-of-day reconciliation and remained undetected until the following evening’s update on Tuesday. In that window, agents allegedly recruited into the scheme began initiating requests and cashing them down. The sequence strongly points to internal assistance working alongside external actors, since the DR server should never have been activated without proper clearance.
“They must have had internal assistance. It was very internal with external assistance — otherwise there is no way it would have been activated,” one insider said.
The sequence of events also points to possible manipulation of these change management processes. Normally, every system change must be approved and signed off by IT leadership during nightly “End of Day” procedures, usually between 8:00 and 9:00 pm. Sources suggest the fraudsters may have exploited the IT leadership transition to trick the newly appointed head into authorising the change, which was only discovered the following morning.
Internal IT Oversight in Transition
The incident occurred amid leadership changes in KCB Uganda’s IT department. Mathew R. Mutagamba, who had served as Head of Information Technology since May 2023, resigned recently. In his absence, Willies Ochola was appointed in August 2025 as Acting Head of IT, seconded from KCB Group while the search for a substantive Head of IT is ongoing.
Ochola, a seasoned technology leader with over 15 years of experience in banking, payments, and ICT project management, previously served as Technology Business Partner at KCB Group in Nairobi and has held senior roles at Co-operative Bank of Kenya, Kenya Trade Network Agency, and the Central Bank of Kenya. His appointment is intended to stabilise IT leadership and reinforce governance, resilience, and cybersecurity during a sensitive period for the bank.
This leadership transition has drawn scrutiny as investigators consider whether weak oversight may have contributed to the breach — and whether the strengthened governance controls now being introduced will be sufficient to prevent recurrence.
How Stanbic Bank CFO Ronald Makata Blends Governance, Technology and Human Leadership to Drive PerformanceFinancial Exposure and Ongoing Investigations
Although early reports suggested losses running into billions, insiders now indicate the exposure is about UGX 3.2 billion, of which UGX 2.7 billion has already been recovered. Reconciliations are ongoing to establish the final figure.
According to our sources, KCB Bank has since constituted an internal committee, chaired by the Head of Internal Audit, to investigate the breach. The committee’s mandate is to establish whether the Disaster Recovery server was intentionally compromised, to what extent insider collusion may have been involved, and whether any staff members should face suspension, arrest, or disciplinary measures. It is also tasked with determining how much of the UGX 3.2 billion in losses can ultimately be recovered.
The Thief Within: A Growing Challenge
The incident underscores the vulnerabilities in Uganda’s fast-growing agent banking sector, where public trust and system integrity are paramount. With investigations ongoing and suspicions of insider involvement growing stronger, KCB Bank’s next steps will be crucial in restoring confidence and preventing future breaches.
The breach at KCB Bank Uganda comes against a broader backdrop of rising financial and economic crimes in the country. According to the Uganda Police Annual Crime Report 2024, Ugandans and businesses lost over UGX 1.02 trillion (USD 272 million) to fraud, cybercrime, and related economic crimes — a sharp rise from UGX 930.5 billion in 2023.
Notably, cybercrime-related financial losses surged by more than 4,700%, climbing from just UGX 1.5 billion in 2023 to UGX 72.1 billion in 2024. Cases nearly doubled from 245 to 474 over the same period. At the same time, reported cases of bank and corporate fraud more than doubled from 43 in 2023 to 90 in 2024, reflecting a 109% increase in frequency. Although overall losses in this category decreased from UGX 87.7 billion to UGX 5.3 billion, the trend indicated that while high-value heists were curtailed, smaller, more frequent frauds became more common.
The Uganda Bankers’ Association (UBA) has acknowledged these worrying trends and recently doubled down on industry-wide efforts to fight fraud. While recoveries remain small compared to losses, there was a 611% improvement in funds retrieved in 2024 (UGX 249 million recovered versus UGX 35 million in 2023). This improvement was largely attributed to enhanced forensic financial tracking and stronger collaboration between banks and regulators.
A deeper concern, however, lies with insider-enabled fraud, which remains one of the most financially devastating crimes. In Uganda, senior management was responsible for 43% of economic crimes according to PwC’s 2020 survey. By 2024, insider collusion — often paired with external actors — continued to play a critical role in major fraud incidents. This convergence of insider access and external manipulation presents one of the toughest challenges to fraud prevention.
Fraud in Uganda’s financial sector has become increasingly brazen, exploiting both technology and human vulnerabilities to devastating effect. The UBA estimates that between 2017 and 2022, at least UGX 43.6 billion was lost to fraud among its member banks — a figure that excludes mobile money theft, which falls outside UBA’s scope. The schemes ranged from impersonation and identity theft to cyberattacks and insider-enabled cash suppression, underscoring the sophistication and daring of perpetrators who exploit gaps in oversight and system controls.
What makes the situation more alarming is not just the frequency of these incidents, but their effectiveness. In 2022 alone, UBA members reported 206 fraud incidents, a figure already deemed “grossly underreported.” Of these, an extraordinary 91% of attempted fraud cases succeeded in causing financial loss, suggesting that once fraudsters make a move, they are almost certain to succeed. This success rate is far higher than global averages, where tighter fraud detection and prevention frameworks typically neutralize a larger share of attempts before money is lost.
The high success rate speaks to systemic weaknesses in fraud prevention and response across Uganda’s banking sector. While the greatest number of incidents have been concentrated in mobile banking, agent banking, and cash suppression, the largest category losses have stemmed from loan fraud and impersonation schemes. These patterns highlight the dual challenge of strengthening both digital resilience and institutional governance. Without urgent reforms and coordinated action, banks remain exposed to determined fraudsters whose audacity has so far been matched by alarming levels of success.
Ultimately, the KCB glitch is not just a technical failure — it is emblematic of the growing sophistication of financial crime in Uganda, where cybercriminals, insiders, and external fraud networks exploit systemic weaknesses. The incident underscores the urgency for banks to reinforce governance, strengthen cybersecurity, and deepen fraud detection capabilities to maintain public trust in the financial system.
