Kenya: Cyber Attack Exposes Business Deals of Kenya’s Political Elite, Ruto and Kenyatta

Cape Town — In a major breach of security, a cyberattack in Kenya exposed the private business dealings of President William Ruto and former President Uhuru Kenyatta, among other prominent figures, reports FirstPost Africa.

The attack targeted the Business Registration Services (BRS), one of Kenya’s most data-rich government agencies. The BRS holds sensitive, private information on all registered companies, including their owners, beneficial owners, and directors.

The exposed data include company names, directors, shareholders’ details, and personal information such as business owners’ IDs, phone numbers, and home addresses. The breach revealed the extensive business interests of Kenya’s political elite, including those of President William Ruto and former President Uhuru Kenyatta.

First Lady Rachel Ruto was prominently mentioned in the leak, with her name tied to various businesses across multiple sectors. Reports suggest that she and her son are connected to several companies. Her daughter was also identified as the owner of one of Kenya’s most luxurious Airbnb properties.

The leaked data includes President Uhuru Kenyatta’s business affairs. While his foundation and the UR Kenyatta Institute Limited are well-known, the breach revealed his involvement in lesser-known businesses, including Uhuru Kenyatta Security and Cleaning Services, a South African company where his brother holds significant directorial and shareholder roles. The former president is reportedly linked to over 50 organizations.

The breach also exposed foreign ownership in Kenyan companies. Notably, the Nairobi Expressway project is revealed to be owned by a company based in the United Arab Emirates (UAE).

Authorities are still unclear on the identity of the attackers and the full extent of the data stolen. However, they have ruled out the possibility of ransomware, where attackers typically demand a ransom in exchange for the stolen data.

There are reports that the stolen data is being sold on the dark web, prompting some to speculate that the breach may have been an inside job. The leak reignited calls for stronger data protection laws and more effective cybersecurity measures in Kenya.

The country has seen a sharp rise in cyber attacks, with a staggering 860 million incidents recorded last year. According to the Communications Authority of Kenya, cybercrime cost the country approximately $83 million in 2023. Between April and June of 2024 alone, more than 1.1 billion cyber threats were detected.

ADVERTISEMENT