The Office of the Data Protection Commissioner (ODPC) has responded to reports that the M-Tiba mobile health wallet platform may have experienced a cyber attack that exposed users’ personal and medical information.
In a statement released on October 29, the ODPC said it is taking the matter seriously and will act according to the Data Protection Act, 2019.
“The Office of the Data Protection Commissioner is aware of media reports that the mobile health-wallet platform M-Tiba may have experienced a cyber-incident involving the potential exposure of personal and health data of users,” the statement said.
The regulator added that it is currently in discussions with M-Tiba and other relevant parties to determine the exact nature and extent of the reported breach.
M-Tiba is a digital platform that allows users to access and manage health insurance benefits through their mobile phones.
The development comes after a hacker group identifying itself as “Kazu” claimed on October 25 to have accessed millions of medical and personal files from M-Tiba. The group alleged it obtained about 2.15 terabytes of data, which could represent one of Kenya’s largest data leaks.
To support its claims, the group released a 2GB sample on its Telegram channel. The leaked documents reportedly include: Names, National ID numbers, Phone contacts, Dates of birth and Medical details such as diagnoses and billing information
Early reviews suggest the affected data may cover around 114,000 users, including dependents, though the hackers claimed the total number could be as high as 4.8 million. That figure has not yet been confirmed.
The leaked files also include records from over 2,600 health facilities and scanned documents showing patient treatment information.
Email your news TIPS to Editor@Kahawatungu.com — this is our only official communication channel
