The government has launched urgent containment measures following a major data breach at the Business Registration Service (BRS), potentially exposing sensitive information on millions of companies.
The cyberattack, believed to have occurred on the night of January 31, has raised serious concerns over data security in the country.
In a statement on Sunday, BRS Director General Kenneth Gathuma confirmed that investigations are underway.
“Our cybersecurity experts are working closely with our cybersecurity partner, law enforcement, and investigative agencies to assess the scope of the incident, determine any potential impact, and implement necessary containment and mitigation measures,” he said.
Gathuma assured the public that the agency is still verifying the extent of the breach, including the nature of any compromised data.
“Once the investigation is complete, we will provide an update and directly engage with any affected parties,” he stated.
As the custodian of Kenya’s company registry, BRS holds critical information, including company names, directors’ and shareholders’ details, business activities, physical addresses, contact information, and registration dates.
“As a precautionary measure, we have strengthened our security protocols to safeguard our systems and prevent future incidents. The Business Registration Service remains fully committed to addressing this matter with transparency and diligence,” Gathuma added.
How to Avoid Data Breach
Information, Communication, and Digital Economy Cabinet Secretary William Kabogo has urged businesses and individuals to take proactive measures to protect their data amid rising cyber threats.
He reassured Kenyans that the ministry has reinforced security protocols to safeguard government digital assets.
“Given the increasing risks in the evolving digital landscape, we urge individuals and businesses to take proactive steps to protect their personal and organizational data,” Kabogo stated.
He advised the public to regularly update passwords and enable multi-factor authentication where possible to enhance security.
He also cautioned individuals against sharing sensitive personal information online and emphasized the importance of verifying the authenticity of websites and emails to avoid falling victim to phishing attacks.
Additionally, he urged people to ensure their devices have the latest security updates and antivirus software installed. To prevent data loss, he encouraged regular backups of important information to secure locations.