Hackers operating under the group name Kazu claim to have breached M-Tiba, a Safaricom-backed digital health wallet operated by CarePay, stealing 17 million files (2.15TB) of sensitive data. The leaked sample (2GB) includes patients’ names, national ID numbers, dates of birth, phone contacts, medical diagnoses, billing records, and treatment details from 114,000 users (potentially affecting 4.8 million people). The breach also exposed data from 700+ health facilities, including doctor notes, insurance details, and handwritten medical records.

The incident, if confirmed, would be one of Kenya’s largest medical data breaches, violating the Data Protection Act (2019), which mandates strict safeguards for health records. M-Tiba neither confirmed nor denied the breach but requested leaked files for investigation. The Office of the Data Protection Commissioner (ODPC) acknowledged the case but declined further comment.

Given M-Tiba’s role in health payments, insurance claims, and government subsidies, the breach risks identity theft, financial fraud, and reputational damage to patients, clinics, and insurers. Kenya’s rising cyber threats, including phishing, ransomware, and public-sector attacks, highlight systemic vulnerabilities in digital health infrastructure.
Source: https://techcabal.com/2025/10/28/safaricom-backed-m-tiba-hacked-exposing-4-8-patient-records/
TPRM report: https://www.rankiteo.com/company/carepay-international
"id": "car4532345102825",
"linkid": "carepay-international",
"type": "Breach",
"date": "6/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '114,000 (confirmed in sample); '
'up to 4.8 million (claimed)',
'industry': 'Healthcare Technology',
'location': 'Nairobi, Kenya',
'name': 'M-Tiba',
'size': '4+ million users, 3,000+ partner hospitals',
'type': 'Digital Health Wallet Platform'},
{'industry': 'Healthcare',
'location': 'Nairobi, Kenya',
'name': 'CarePay',
'type': 'Health Technology Company'},
{'industry': 'Fintech/Telecom',
'location': 'Kenya',
'name': 'Safaricom',
'type': 'Telecommunications Company'},
{'industry': 'Healthcare',
'location': 'Kenya',
'name': '700+ Health Facilities',
'type': 'Hospitals/Clinics'}],
'data_breach': {'data_exfiltration': 'Confirmed (2GB sample shared on '
'Telegram; 2.15 TB claimed stolen)',
'file_types_exposed': ['Patient claim forms',
'Billing invoices',
'Diagnostic summaries',
'Handwritten medical notes',
'Insurance records'],
'number_of_records_exposed': '17 million files (claimed); '
'114,000 users (confirmed in '
'sample)',
'personally_identifiable_information': ['Names',
'National ID numbers',
'Dates of birth',
'Phone numbers',
'Medical diagnoses'],
'sensitivity_of_data': 'High (health records classified as '
'sensitive under Kenya’s Data '
'Protection Act)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial/Billing Data',
'Operational Health Facility '
'Data']},
'description': "Hackers under the group name 'Kazu' claim to have stolen over "
'17 million files (2.15 TB) from M-Tiba, a Safaricom-backed '
'digital health wallet in Kenya. The breach includes sensitive '
'patient data such as names, national ID numbers, dates of '
'birth, phone contacts, medical diagnoses, billing '
'information, and records from ~700 health facilities. The '
'group shared a 2GB sample on Telegram, exposing ~114,000 '
'users, with claims that up to 4.8 million people could be '
'affected. M-Tiba (operated by CarePay) has neither confirmed '
'nor denied the breach but requested evidence for '
'investigation. The incident, if confirmed, would be one of '
'Kenya’s largest data breaches, violating the Data Protection '
'Act (2019) due to the exposure of sensitive health records.',
'impact': {'brand_reputation_impact': 'High (potential loss of trust in '
'digital health services)',
'data_compromised': ['Patient names',
'National ID numbers',
'Dates of birth',
'Phone contacts',
'Medical diagnoses',
'Billing information',
'Doctor names',
'Insurance company details',
'Treatment costs',
'Handwritten medical notes',
'Health facility records'],
'identity_theft_risk': 'High (exposure of national IDs, personal, '
'and medical data)',
'legal_liabilities': 'Potential violations of Kenya’s Data '
'Protection Act (2019)',
'payment_information_risk': 'Moderate (billing information '
'exposed)',
'systems_affected': ['M-Tiba servers',
'Health facility databases']},
'investigation_status': 'Active (M-Tiba/CarePay reviewing evidence; ODPC '
'involved)',
'references': [{'source': 'TechCabal'},
{'source': 'Kazu Breach (Telegram channel)'},
{'source': 'Communications Authority of Kenya (cyberattack '
'statistics)'}],
'regulatory_compliance': {'regulations_violated': ['Kenya’s Data Protection '
'Act (2019)'],
'regulatory_notifications': 'Office of the Data '
'Protection '
'Commissioner (ODPC) '
'aware of incident'},
'response': {'communication_strategy': 'Request for evidence; no public '
'confirmation/denial',
'incident_response_plan_activated': 'Under investigation '
'(evidence requested from '
'reporters)'},
'threat_actor': 'Kazu (hacker group)',
'title': 'M-Tiba Data Breach: Alleged Theft of 17 Million Medical and '
'Personal Records',
'type': ['Data Breach', 'Unauthorized Access']}