Massive Data Breach Hits Kenya's Business Registry

A major cybersecurity breach at Kenya's Business Registration Service (BRS) has exposed sensitive data of thousands of business owners, including prominent political figures and corporate leaders.

The breach, first detected in late January, has resulted in the unauthorized access of personal information including ID numbers, phone contacts, and residential addresses of registered business owners. More concerning is the exposure of confidential company information, which is now reportedly being offered for sale on the dark web.

Among those affected are businesses linked to President William Ruto and former President Uhuru Kenyatta's families, revealing previously private details about their business holdings and shareholding structures. The scale of the breach has raised serious concerns about data protection in government institutions.

The source of the breach has been traced to a Moldovan cybersecurity firm that had been granted access to BRS systems for security assessment purposes. The unauthorized data access reportedly occurred during system vulnerability testing, though the exact circumstances remain under investigation.

In response to the incident, the Business Registration Service has acknowledged the breach and launched a comprehensive investigation. The agency is working with cybersecurity experts to enhance system security and has issued guidelines to help business owners protect their information.

Key protective measures recommended by BRS include:

• Regular monitoring of business registration details
• Immediate reporting of any suspicious activities
• Implementation of additional security measures for business accounts

This incident marks one of the largest data breaches in Kenya's corporate sector, highlighting the growing need for robust cybersecurity measures in government institutions. The BRS has promised to provide regular updates as the investigation progresses.