NAIROBI, Kenya – The National Social Security Fund (NSSF) has dismissed claims that it suffered a massive data breach, following allegations from an anonymous hacker who claimed to have infiltrated the fund’s internal systems.
In a statement issued late Monday night, NSSF assured its members that their personal data and financial records remain secure.
The social security agency acknowledged an attempted cyber sabotage targeting its image storage system, but maintained that its core infrastructure was untouched.
“We wish to assure our members that the core system, which stores member data and financial transactions, remains secure and safe,” NSSF said.
The assurance came hours after a self-identified hacker operating under the alias “Devman” posted on X, alleging that they had exfiltrated 2.5 terabytes of data from the fund.
The hacker claimed to have accessed NSSF’s systems through the Lightweight Directory Access Protocol (LDAP), a widely used network protocol, and modified Group Policy Object (GPO) updates—key configuration settings in Windows-based networks.
In the same thread, Devman boasted about having Remote Desktop Protocol (RDP) access within the fund’s network and mocked cybersecurity firm Kaspersky for allegedly failing to detect the intrusion.
“NSSF Kenya – 2.5 TB (of data stolen), plus GPO update and spread via LDAP and available share scan,” the hacker posted. “Special thanks to @Kaspersky team for not noticing mimitaktz and my movement in general.”
NSSF kenya – 2.5 TB (of data stolen), plus GPO update and spread via LDAP and available share scan. I really thank the admin of @NSSF_ke for allowing me to have RDP on the network, and special thanks to @kaspersky team for not noticing mimitaktz and my movement in general.
Despite the claims, NSSF insists there is no evidence that any data—personal or financial—was accessed or leaked.
“Based on the findings of our ongoing investigations, there is no evidence that any personal or financial member data has been compromised or extracted,” the statement read.
Still, the nature of the hacker’s claims raises red flags for cybersecurity experts.
If the allegations regarding GPO tampering and LDAP access are true, they could potentially allow a bad actor to install malware, alter security settings, or establish persistent backdoor access across the network.
The fund, which manages retirement savings for millions of Kenyan workers, holds a vast trove of sensitive information, making it a high-value target for cybercriminals.
The alleged breach also renews scrutiny over cybersecurity protocols in key public institutions, particularly as more government services move online.
While NSSF’s swift denial may calm fears in the short term, experts say transparency and robust forensics will be crucial in rebuilding public trust and ensuring system integrity.



