Govt Says No Personal Data Breached in Cyberattack on State Websites

David Wafula

4 weeks ago

The government has assured the public that no personal or government data was accessed during a cybersecurity incident that affected several state websites on November 17, 2025. The attack briefly made the sites unavailable.

Websites for major ministries — including Education, Labour, Environment, ICT, Tourism, State House, and Interior — were hit. The attackers defaced the platforms by changing their appearance and posting disturbing messages such as “Access denied by PCP” and “So are your local politicians.”

In a statement on Monday evening, the Ministry of Information, Communication and the Digital Economy said the incident only affected access to the websites.

“No personal or government data was accessed, altered, or lost. We applied immediate mitigation measures and took the necessary actions to secure the affected sites. We have also increased monitoring to prevent similar incidents,” the ministry said. The government added that all affected websites have since been restored.

Interior Principal Secretary Raymond Omollo said preliminary investigations indicate that a group calling itself “PCP@Kenya” was behind the cyberattack.

PS Omollo assures security at Kenya-Tanzania border, urges peaceful protests

“Following the incident, we immediately activated our incident response and recovery procedures, working closely with relevant stakeholders to mitigate the impact and restore access to the affected platforms,” PS Omollo said.

He confirmed that the situation has been contained and that systems are now under continuous monitoring.

“Our focus is on building layered defences, improving readiness, and ensuring that any attempt is detected early, contained quickly, neutralized decisively, and its impact minimized,” he added.

The government is urging members of the public, as well as public and private institutions, to remain alert, take necessary precautions, and report any suspicious online activity.

Authorities say the attack violated several laws, including the Computer Misuse and Cybercrimes Act, the Kenya Information and Communications Act, and the Data Protection Act. Those responsible will face legal action.

The government also reassured Kenyans of its commitment to strengthening the country’s digital security.

“We remain focused on enhancing cyber resilience through strengthened capabilities, improved coordination, and sustained collaboration with the private sector and other stakeholders,” PS Omollo said.