By 
Kenyan Business Registration Service (BRS) hit by cyberattack, millions of company records at risk.
The Kenyan government has confirmed a significant data breach at the Business Registration Service (BRS), potentially compromising sensitive information on millions of registered companies across the country.
RELATED: Massive data breach hits BestFin Nigeria: 846,000 customers’ data exposed
The cyberattack, believed to have occurred on the night of January 31, 2024, has sparked serious concerns over data security and government system vulnerabilities, prompting urgent containment and mitigation efforts.
Authorities Launch Investigation into Cyberattack
In an official statement, BRS Director General Kenneth Gathuma revealed that cybersecurity experts are working closely with law enforcement, investigative agencies, and cybersecurity partners to assess the full impact of the breach.
“Our cybersecurity experts are collaborating with law enforcement and investigative agencies to evaluate the scope of the incident, determine the nature of compromised data, and implement containment measures,” said Gathuma.
While the extent of the breach is still under investigation, initial findings indicate that critical company information—including company names, directors’ and shareholders’ details, business activities, physical addresses, contact information, and registration dates—could be at risk.
Business Registration Service Moves to Strengthen Cybersecurity
As the sole custodian of Kenya’s company registry, BRS plays a crucial role in maintaining business data integrity and regulatory compliance. Recognizing the severity of the breach, BRS has enhanced its security protocols to prevent further attacks.
“As a precautionary measure, we have reinforced our cybersecurity defenses to protect our systems and prevent future breaches. The Business Registration Service remains fully committed to addressing this issue with transparency and diligence,” Gathuma assured.
Concerns Over Government Data Security and Cyber Resilience
This breach raises critical questions about Kenya’s cybersecurity preparedness, especially concerning government-managed databases containing sensitive citizen and corporate information. Experts warn that if highly confidential business data falls into the wrong hands, it could lead to identity theft, corporate fraud, financial crimes, and reputational damage for affected entities.
Cybersecurity analysts have called for:
- Stronger data encryption measures for government systems
- Regular security audits and threat assessments
- Strict compliance with global cybersecurity best practices
- Greater collaboration between public and private sectors to enhance cyber resilience
Next Steps and Public Advisory
BRS has assured full cooperation with affected parties and pledged to issue an official update once the investigation concludes. Businesses registered with BRS are advised to remain vigilant, monitor their company details for unauthorized changes, and report suspicious activities to relevant authorities.
The Kenyan government is expected to outline further cybersecurity measures to restore public confidence and prevent future breaches in critical national databases.
