NAIROBI, Kenya – Kenya’s Business Registration Service (BRS) has launched an investigation into a potential data breach that may have exposed sensitive company registry information.
The agency is working with cybersecurity experts and law enforcement to assess the extent of the breach and tighten security protocols.
BRS Director General Kenneth Gathuma confirmed that authorities have been notified and are actively investigating the matter.
𝗢𝗳𝗳𝗶𝗰𝗶𝗮𝗹 𝗦𝘁𝗮𝘁𝗲𝗺𝗲𝗻𝘁 𝗼𝗻 𝗮 𝗣𝗼𝘁𝗲𝗻𝘁𝗶𝗮𝗹 𝗗𝗮𝘁𝗮 𝗕𝗿𝗲𝗮𝗰𝗵 – 𝗙𝗲𝗯𝗿𝘂𝗮𝗿𝘆 𝟮, 𝟮𝟬𝟮𝟱
While details remain unclear, concerns have emerged over the possibility that sensitive business records may have been compromised and even auctioned on the dark web.
“At this stage, we are still verifying the details of the alleged breach, including the nature and extent of the compromised data,” Gathuma stated.
He reassured stakeholders that immediate security measures have been taken to prevent future incidents.
This isn’t the first time Kenya’s business registry has faced scrutiny.
In 2021, the government initiated a cleanup of the database, requiring businesses registered before December 2016 to update key details—including registration numbers, shareholder structures, and director information.
While meant to enhance accuracy, this process also created a trove of personal and corporate data that, in the wrong hands, could lead to identity theft, fraud, or financial crime.
Cybersecurity experts warn that such breaches could have far-reaching consequences, especially if critical company information is misused.
Businesses and individuals associated with the registry are advised to stay vigilant, update their credentials, and monitor for any suspicious activity.
BRS has pledged to release updates as investigations progress and will engage directly with any affected parties. “The security and integrity of the company registry remain our top priority,” Gathuma emphasized.
For now, business owners should keep an eye out for any suspicious activity related to their registered details.
In an increasingly digital world, the risk of data breaches is a reality—and this incident is a stark reminder of the need for robust cybersecurity measures.
