Business Registration Service admits data breach after cyberattack on company registry
The Business Registration Service (BRS) has acknowledged a data breach affecting its company registry system, following a cyberattack that is believed to have occurred on the night of January 31.
In a statement on Sunday, BRS Director-General Kenneth Gathuma confirmed the data breach, noting that the organisation swiftly launched a thorough investigation and notified the relevant regulatory authorities.
"Upon receiving information about the potential data breach, we swiftly activated our Incident Response Plan, initiated a thorough investigation, and informed the relevant regulatory authorities," Gathuma said.
He noted that the organisation is working closely with its cybersecurity partner, law enforcement, and investigative agencies to assess the situation.
"Our cybersecurity experts are collaborating with the necessary partners to evaluate the scope of the incident, determine any potential impact, and implement containment measures," Gathuma added.
Although BRS is still verifying the details of the breach, including which data may have been compromised, Gathuma assured stakeholders that the organisation’s primary focus remains the security and integrity of the company registry.
"We want to assure all stakeholders that the security of the registry is our top priority. As a precaution, we have bolstered our security protocols to prevent future incidents," Gathuma said.
BRS pledged to provide further updates once the investigation concludes, and it promised to engage directly with affected parties.
"We remain committed to transparency and addressing this issue with the utmost diligence," he said.
The breach marks the first significant cyberattack on a government agency in more than a year, following a similar attack on Kenya Airways in late 2023, which led to the theft of customer data.
Top Stories Today
