
Major Data Leak Hits Business Registration Services as Cyber-Attack Exposes Sensitive Company Information



The Business Registration Services (BRS) has suffered a significant data breach following a cyber-attack, potentially exposing sensitive information about private companies to the public.

The breach, which occurred on the night of Friday, January 31, has raised serious concerns about the security of confidential data held by government agencies.

A source close to the matter confirmed the breach, revealing that BRS executives were locked in crisis meetings for most of Saturday, February 1, to address the fallout. The source, who spoke on condition of anonymity due to restrictions on speaking to the media, suggested that the breach may have involved an internal actor.

“We still can’t say who is behind the breach, but it looks like the intent is sabotage because the nature of the breach suggests an internal actor,” the source said.


Data Exposed, Dark Web Links Confirmed

The full extent of the stolen data remains unclear, but there are confirmed reports that the compromised information is being sold on the dark web, a hidden part of the internet often used for illegal activities.

Kenya Insights has verified that the leaked data, hosted on a dark web site, includes records of all registered Kenyan companies dating back to 1967. The dump contains confidential information such as the names and contact details of company owners, directors, and beneficial owners.

Data-Rich Target

The BRS is one of the most data-rich entities within the Kenyan government, holding critical information on all registered companies, including their owners, beneficial owners, and directors. This data is typically accessible only through a paid service, but the breach has potentially made it available to anyone, bypassing the usual safeguards.


The agency’s online database, which allows the public to access such information, is currently down and inaccessible. This has raised suspicions that the attackers may have deliberately taken the system offline as part of their operation.

Additionally, the Office of the Official Receiver, which operates under the BRS, maintains records of companies in financial distress. It is feared that this sensitive data may also have been compromised in the breach.

Motive Remains Unclear

While the motive behind the attack is still unknown, sources indicate that authorities have ruled out ransomware as a likely cause. Ransomware attacks typically involve hackers demanding payment in exchange for restoring access to stolen data. In this case, the breach appears to have been aimed at exposing sensitive information rather than financial extortion.

Legal and Regulatory Implications


Under Kenya’s data protection laws, organizations are required to assess the extent of any data breach, notify affected parties, and take steps to contain the situation. The BRS is expected to issue a formal statement once the full scope of the breach is understood.

This incident marks the first major data breach involving a government entity in over a year, following a cyberattack on Kenya Airways in late 2023, which resulted in the loss of significant customer data.

UPDATE: BRS Confirms Data Breach, Investigation Underway

The BRS has officially confirmed reports of a data breach affecting its company registry database.

In a statement on Sunday, February 2, BRS Director General Kenneth Gathuma acknowledged the breach and stated that the agency had initiated an immediate response.


“Upon receiving this information, we immediately activated our Incident Response Plan, launched a comprehensive investigation, and notified the relevant regulatory authorities,” the statement read.

BRS further stated that its cybersecurity experts are working closely with law enforcement, investigative agencies, and cybersecurity partners to determine the extent of the breach and implement necessary containment measures.

“Our cybersecurity experts, in collaboration with our cybersecurity partner, law enforcement, and investigative agencies, are assessing the scope of the incident, determining any potential impact, and implementing necessary containment and mitigation measures,” the agency added.

BRS Director General Kenneth Gathuma.

However, BRS noted that it is still in the process of verifying the details of the breach, including the nature and impact of any compromised data.

“At this stage, we are still verifying the details of the alleged breach, including the nature and extent of any compromised data,” the statement continued.

The agency assured stakeholders that affected parties would be directly engaged once the investigation is concluded.


Strengthening Security Measures

To mitigate further risk, BRS has implemented additional security measures to reinforce its cybersecurity infrastructure and prevent future incidents.

Additionally, the agency has pledged to maintain transparency throughout the investigation process, promising regular updates to the public and business stakeholders.

“Once the investigation is complete, we will provide an update and directly engage with any affected parties,” BRS stated.

BRS has also called for cooperation from all relevant parties as it works toward a swift resolution.


“We want to assure all stakeholders that the security and integrity of the company registry remain our top priority. As a precautionary measure, we have strengthened our security protocols to safeguard our systems and prevent future incidents,” added Director General Gathuma.

The investigation is ongoing, with further updates expected as new information becomes available.

