Cyber Attackers Steal Sensitive Company Data in Major Breach at Business Registration Services

The Business Registration Services (BRS) has been hit by a major data breach, resulting in sensitive information about private companies being exposed to the public.

Cyber Attackers Steal Sensitive Company Data in Major Breach at Business Registration Services

The cyberattack, believed to have taken place on the night of January 31, has left the organisation scrambling to contain the situation.

A source familiar with the matter, who spoke to the Nation on the condition of anonymity, revealed that BRS executives spent most of Saturday, February 1, in emergency meetings discussing the breach.

“We still can’t say who is behind the breach, but it looks like the intent is sabotage because the nature of the breach looks like there was an internal actor,” the source said as quoted by the Nation.

When approached for comment, BRS Director-General Kenneth Gathuma said he was unable to provide a statement, as he was occupied with back-to-back meetings addressing the issue.

While the identity of the attacker remains unknown, reports confirm that the stolen data is already being sold on the dark web, a platform known for illegal activities.

The BRS, one of the government’s most data-rich organisations, holds sensitive details on registered companies, their owners, directors, and beneficial owners.

Before the breach, the agency charged fees to access this information, but the attack means that even non-paying individuals now have access.

The public database through which users could access such data is currently down, prompting questions about whether the attackers were responsible for disabling it.

The BRS also manages records of companies in financial distress through the Office of the Official Receiver, with fears that this sensitive information may have been compromised as well.

See also  AI: the African opportunity

Under Kenya’s data protection laws, the affected organisation must assess the extent of the breach and notify those impacted.

This breach is the first major cyberattack on a government entity in over a year, following a similar incident at Kenya Airways in late 2023 that resulted in the theft of customer data.

Sources indicate that authorities have ruled out ransomware as a motive, as there have been no demands for payment to restore the stolen data.


Discover more from AIpots

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *

Next Post

KBC X-Account Hacked, Name Changed to ‘DeepSeek AI'

Mon Feb 3 , 2025
The national broadcaster, Kenya Broadcasting Channel (KBC), has confirmed its X (formally Twitter) account has been hacked. The account has been paralysed for more than 17 hours. The account, which boasts of over 800,000 followers, suffered the hack late on Friday, January 31. Hackers changed the account from its normal […]
KBC X-Account Hacked, Name Changed to ‘DeepSeek AI'

You May Like

Discover more from AIpots

Subscribe now to keep reading and get access to the full archive.

Continue reading