If you have registered a company or business under the Business Registration Services (BRS), your private details have probably been leaked online. This follows a cyber attack and theft of sensitive and confidential data from the BRS that occurred on January 31, 2025.
The Business Registration Services has been the sole custodian of the list of all companies and shareholder information for all companies that are registered in Kenya. It is this list that has been leaked online.
The cyber attack and theft of data has been exposed online by hackers, showing the companies Kenyans own online. These companies range from large businesses that are owned by Kenya’s top political leadership to small scale companies owned by Kenyans in the micro enterprise sector.
The private details that have been leaked online include the names of company directors, their national identity numbers, residential addresses, telephone numbers and the number of shares they own.
The attack was acknowledged by the Director-General of the BRS Kenneth Gathuma who told the media that investigations had been launched to establish how the data was accessed.
“Upon receiving reports regarding a potential data breach affecting the company registry’s information, we activated our Incident Response Plan,” he said. “We are still verifying the details of the alleged breach, including the nature and extent of any compromised data.”
Alarmingly, a majority of the leaked data was still accessible online as late as Monday morning, raising fears of identity theft.
Data breach exposes companies owned by Rachel and George Ruto
Among prominent Kenyans whose data was leaked were members of Kenyatta family, and the family of the current president William Ruto. The breached data, for instance, showed that former president Uhuru Kenyatta’s brother Muhoho Kenyatta is a director and shareholder in about 50 companies and organizations.
The leak further showed First Lady Rachel Ruto and her son George Ruto as having directorial and shareholder roles in multiple companies.
