The Business Registration Service (BRS) has confirmed reports of a potential data breach impacting the company registry’s information.
In a statement on Sunday, February 2, BRS Director General Kenneth Gathuma indicated that it had initiated response to the concern.
Further, BRS stated that it had quickly activated its Incident Response Plan and launched a comprehensive investigation to determine the scope and impact of the alleged breach.
Additionally, the relevant regulatory authorities have been notified to ensure proper oversight and coordination.
“Upon receiving this information, we immediately activated our Incident Response Plan, launched a comprehensive investigation, and notified the relevant regulatory authorities.
“Our cybersecurity experts are working closely with our cybersecurity partner, law enforcement, and investigative agencies to assess the scope of the incident, determine any potential impact, and implement necessary containment and mitigation measures.
Also Read: What to Do Immediately Your WhatsApp is Hacked, A Step-by-Step Guide
Business Registration Service (BRS) Indicates Way Forward for Businesses
However, BRS has noted that they are still in the process of verifying the details of the breach, including the nature and potential impact of any compromised data.
They have assured stakeholders that any affected parties will be directly engaged once the investigation is concluded.
“At this stage, we are still verifying the details of the alleged breach, including the nature and extent of any compromised data,” stakeholders were assured.
Further, to mitigate any further risk, BRS has implemented additional security measures to reinforce its cybersecurity infrastructure and prevent similar incidents in the future.
Also, it has promised to maintain transparency throughout the investigation process, assuring the public and business stakeholders that updates will be provided as new information becomes available
“Once the investigation is complete, we will provide an update and directly engage with any affected parties,” explained BRS.
The service has called for the continued cooperation of all parties involved as they work toward a swift and effective resolution.
“We want to assure all stakeholders that the security and integrity of the company registry remain our top priority. As a precautionary measure, we have strengthened our security protocols to safeguard our systems and prevent future incidents,” added the Director General.
Also Read: Kenyan Govt Agency Hacked; Data Being Sold on Dark Web
The Data Breach
A cyberattack is believed to have occurred on the night of January 31, leaving the Business Registration Service (BRS) scrambling to manage the breach.
Executives spent February 1 in emergency meetings, as reports confirm stolen data is already being sold on the dark web.
BRS, which holds sensitive information on companies and their owners, had previously charged fees for access. The breach has made this data available to non-paying individuals.
Consequently, the public database is down, and it’s unclear if attackers caused this disruption. BRS also manages records of companies in financial distress, raising concerns that this sensitive data may also be compromised.
Under Kenya’s data protection laws, the agency must assess the breach and notify affected parties.
Follow our WhatsApp Channel and join our WhatsApp Group for real-time news updates