Adumo payment tech exposed, hackers offer data for $7 000

No consumer data was breached after hackers gained access to “sensitive” technical information, says Lesaka.

JSE-listed Lesaka unit Adumo is assuring its clients that no consumer data was breached during a cyber attack that apparently resulted in thousands of files being made available for sale on the dark web.

Website dailydarkweb.net reports that the company’s “highly-sensitive technical database and source code” has been priced at $7 000 (R114 920 at this morning’s exchange rate of R16.42). According to the site, the allegedly compromised data consists of 15 546 files totalling 14GB.

Adumo says it is South Africa’s largest independent payments processor. As of last June, it was providing payment processing and integrated software solutions to about 29 000 active merchants in a variety of business verticals across South Africa, Namibia, Botswana and Kenya. 

Lesaka bought Adumo in a R232 million deal in October 2024. The company processes more than R80 billion in transactions each year, aiding small and medium enterprises with financial inclusion.

In response to a request for comment from Lesaka CEO Lincoln Mali, the company shared a statement that says: “Adumo is aware of information circulating online and is conducting an internal investigation to verify its source and scope.”

Adumo adds its “initial assessment indicates that the material referenced is routinely shared with external partners and does not include customer data”.

Bigger picture

“The Adumo incident is particularly concerning, not necessarily because of confirmed customer data exposure, but because of the nature of the assets allegedly being circulated,” comments Jacqui Muller, Belgium Campus iTversity researcher and PhD candidate in computer science.

“At this stage, there is no verified indication of the volume of stolen data. The concern is that the reported assets contain sensitive information.”

While 16GB could equate to millions of records in a traditional data breach, the reported data types suggest this is more likely a compact but highly-sensitive set of technical artefacts, says Muller.

14GB of Lesaka’s technical payment solution data is for sale on the dark web for R100 000. (Source: dailydarkweb.net)

Muller says the breach seems to have compromised point-of-sale software, debugging tools, low-level documentation, insight into how secure chip-and-PIN transactions work, and certification artefacts for Mastercard and Visa systems.

  • Nicola Mawson, contributing journalist, ITWeb