NAIROBI, Kenya — The Office of the Data Protection Commissioner (ODPC) has launched an investigation into reports of a possible cyber incident affecting mobile health-wallet platform M-Tiba, which may have led to the exposure of users’ personal and health information.
In a statement released Wednesday, the ODPC said it is aware of media reports indicating that M-Tiba, a platform that manages health payments and data, may have suffered a security breach.
“Our priority is to protect the rights of all data subjects—particularly given the sensitivity of health-related information—and ensure that appropriate action is taken in accordance with the Data Protection Act, 2019,” the ODPC said.
PRESS STATEMENT: M-TIBA DATA BREACH
The agency noted that it is actively engaging with M-Tiba, identified as the data processor, as well as other stakeholders to establish the facts and determine the extent of the breach.
The regulator reaffirmed its commitment to ensuring that any data security lapses are handled in line with Kenya’s data protection laws and that affected individuals’ privacy is safeguarded.
M-Tiba, operated by CarePay Kenya, is a widely used digital platform that enables users to save, send, and spend funds specifically for healthcare services through mobile devices.
The suspected breach has sparked concerns over the protection of sensitive health data and the growing frequency of cyberattacks targeting digital financial and health platforms in Kenya.
The ODPC urged patience as investigations continue and said further updates would be provided once more details emerge.
