Kenya data breach: fingers point to Moldovan firm, B2Bhint
As Africa becomes a hotbed for cyber-attacks, a little-known Moldovan firm allegedly exploited a weakness in Kenya's government-owned Business Registration Service (BSR) to gain access to sensitive data of major shareholders in registered firms, according to Business Daily.
BRS is the sole custodian of a list of all companies and information for entities registered in Kenya.
According to Business Daily, B2Bhint, a Moldovan business intelligence firm, was selling a 'goldmine' of data of prominent shareholders in two million companies yesterday, including residential addresses, emails, and phone numbers.
B2BHint refuted the accusation, writing on X yesterday: “We discovered that some Kenyan company data, available on public URLs, is not meant to be public, suggesting a data breach. We’ve taken action and are awaiting @BRS_Kenya’s response to help resolve this.”
Nonetheless, Business Daily said the data on sale included that of President William Ruto, former President Uhuru Kenyatta and his family, and a number of other famous investors.
The attack, which is believed to have occurred on the night of January 31, raised serious concerns about data security, causing Kenya to launch an urgent containment effort.
The attack in Kenya comes as industry experts like Kaspersky warn that as the cyber security landscape evolves, cyber threats will become more diverse and complicated.
According to the cyber security firm, this trend is particularly as a result of the rise of Artificial Intelligence and rising geopolitical and economic volatility.
In the case of Kenya, Kenneth Gathuma, the director general of Kenya's BSR, said on Sunday investigations are already underway.
He explained: “Our cyber security experts are working closely with our cybersecurity partner, law enforcement, and investigative agencies to assess the scope of the incident, determine any potential impact, and implement necessary containment and mitigation measures. Once the investigation is complete, we will provide an update and directly engage with any affected parties.”
Gathuma continued: “As a precautionary measure, we have strengthened our security protocols to safeguard our systems and prevent future incidents. The Business Registration Service remains fully committed to addressing this matter with transparency and diligence.”