Cyber attackers steal company data in breach at Business Registration Services

BRS, one of the government’s most data-rich organisations, holds sensitive details on registered companies, their owners, directors, and beneficial owners.
The Business Registration Services (BRS) has been hit by a major data breach, resulting in sensitive information about private companies being exposed to the public.
The cyberattack, believed to have taken place on the night of January 31, has left the organisation scrambling to contain the situation.
A source familiar with the matter, who spoke to the Nation on the condition of anonymity, revealed that BRS executives spent most of Saturday, February 1, in emergency meetings discussing the breach.
“We still can’t say who is behind the breach, but it looks like the intent is sabotage because the nature of the breach looks like there was an internal actor,” the source said as quoted by the Nation.
When approached for comment, BRS Director-General Kenneth Gathuma said he was unable to provide a statement, as he was occupied with back-to-back meetings addressing the issue.
While the identity of the attacker remains unknown, reports confirm that the stolen data is already being sold on the dark web, a platform known for illegal activities.
The BRS, one of the government’s most data-rich organisations, holds sensitive details on registered companies, their owners, directors, and beneficial owners.
Before the breach, the agency charged fees to access this information, but the attack means that even non-paying individuals now have access.
The public database through which users could access such data is currently down, prompting questions about whether the attackers were responsible for disabling it.
The BRS also manages records of companies in financial distress through the Office of the Official Receiver, with fears that this sensitive information may have been compromised as well.
Under Kenya’s data protection laws, the affected organisation must assess the extent of the breach and notify those impacted.
This breach is the first major cyberattack on a government entity in over a year, following a similar incident at Kenya Airways in late 2023 that resulted in the theft of customer data.
Sources indicate that authorities have ruled out ransomware as a motive, as there have been no demands for payment to restore the stolen data.