Safaricom: Register for free and read this article

Kenyan High Court Orders Safaricom to Pay KES 9.9 Million for Data Breach Violations

The Kenyan High Court has ruled that Safaricom, the country’s largest telecommunications provider, must compensate 11 subscribers a total of KES 9.9 million (KES 900,000 each) for violating their constitutional rights to privacy, dignity, and consumer protection. The case, filed by Austin Taabu and 10 other complainants, stemmed from a 2018-19 data breach in which Safaricom’s internal systems were compromised, leading to unauthorized access to customer data.

The court determined that Safaricom failed to adequately safeguard personal information, exposing subscribers to potential misuse. The ruling underscores growing legal accountability for data protection failures in Kenya, particularly under constitutional and consumer rights frameworks. The case highlights the financial and reputational risks companies face when mishandling sensitive customer data.

Source: https://www.telecompaper.com/news/safaricom-ordered-to-pay-kes-10-mln-in-data-breach-lawsuit--1571485

Safaricom PLC cybersecurity rating report: https://www.rankiteo.com/company/safaricom

"id": "SAF1779179446",
"linkid": "safaricom",
"type": "Breach",
"date": "1/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '11 subscribers (initially)',
                        'industry': 'Telecommunications',
                        'location': 'Kenya',
                        'name': 'Safaricom',
                        'size': 'Large',
                        'type': 'Telecommunications Provider'}],
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (constitutional rights to '
                                        'privacy and dignity violated)',
                 'type_of_data_compromised': 'Personal information'},
 'date_detected': '2018-2019',
 'description': 'The Kenyan High Court ruled that Safaricom must compensate 11 '
                'subscribers a total of KES 9.9 million for violating their '
                'constitutional rights to privacy, dignity, and consumer '
                'protection due to a 2018-19 data breach where internal '
                'systems were compromised, leading to unauthorized access to '
                'customer data.',
 'impact': {'brand_reputation_impact': 'Reputational risks due to mishandling '
                                       'sensitive customer data',
            'data_compromised': 'Customer personal information',
            'financial_loss': 'KES 9.9 million',
            'identity_theft_risk': 'Potential misuse of customer data',
            'legal_liabilities': 'Violation of constitutional rights to '
                                 'privacy, dignity, and consumer protection',
            'systems_affected': 'Internal systems'},
 'investigation_status': 'Closed (Court ruling issued)',
 'lessons_learned': 'Growing legal accountability for data protection failures '
                    'in Kenya; financial and reputational risks for companies '
                    'mishandling sensitive customer data.',
 'post_incident_analysis': {'root_causes': 'Failure to adequately safeguard '
                                           'personal information'},
 'references': [{'source': 'Kenyan High Court Ruling'}],
 'regulatory_compliance': {'fines_imposed': 'KES 9.9 million',
                           'legal_actions': 'High Court ruling',
                           'regulations_violated': 'Constitutional rights to '
                                                   'privacy, dignity, and '
                                                   'consumer protection'},
 'title': 'Safaricom Data Breach and Privacy Violations',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequate safeguards for personal information'}