Kenya’s Business Registration Service (BRS) has suffered a major cyber attack, exposing confidential data on businesses and their owners. Investigators have ruled out ransomware, but the stolen data is already being circulated on the dark web.
A Breach with Serious Implications
The cyberattack, which took place on 31 January, has prompted immediate action from BRS. The organisation’s Director General, Kenneth Gathuma, confirmed that an Incident Response Plan had been activated. However, the public database has been taken offline, though it remains unclear whether this was a precautionary measure or a direct result of the breach.
BRS, one of Kenya’s most data-rich government agencies, holds detailed records on registered businesses, their directors, and beneficial owners—information that is typically accessible only through official channels and for a fee. Additionally, sensitive documents from the Office of the Official Receiver—which manages businesses facing financial distress—may have also been exposed.
Despite the severity of the attack, investigators have ruled out ransomware, a tactic commonly used in previous cyberattacks on Kenyan institutions. This incident is the most significant government data breach since the 2023 cyberattack on Kenya Airways.
Government Response and Next Steps
Kenyan data protection laws require BRS to assess the extent of the damage and notify affected individuals. The agency has pledged full transparency and is working with law enforcement, cybersecurity experts, and investigative agencies to contain the breach and mitigate its consequences.
As cybersecurity threats continue to evolve, this breach underscores the urgent need for stronger data protection measures in Kenya’s public sector.
I am passionate about crafting stories, vibing to good music (and making some too), debating Nigeria’s political future like it’s the World Cup, and finding the perfect quiet spot to work and unwind.
2 replies on “Kenya’s Business Data Breach Sparks Cybersecurity Concerns”
[…] Kenya’s digital payments landscape’s digital payments landscape may be experiencing a significant shift as Safaricom and the Kenya Bankers Association (KBA) propose an industry-led approach to streamlining transactions. The two entities have submitted a proposal recommending Pesalink as the country’s preferred fast payment system (FPS), arguing that its existing infrastructure makes it the most viable option. […]
[…] Data protection experts are urging African countries to harmonise their scattered data privacy regulations to address growing concerns over artificial intelligence (AI) and cross-border data exchanges. The call for unified policies was made during a webinar titled “The State of Data Privacy in 2025: Trends, Challenges, and Best Practices,” hosted by Digital Jewels Africa, a consultancy firm focused on IT Governance, Risk, and Compliance across the continent. […]