Editor's Review

A social media user had on Friday, January 31 warned that a bug in eCitizen allowed access to data in the BRS' registry system.

The Business Registration Service (BRS) has swung into action after a social media user flagged a potential data breach in its registry system. 

In a statement on Sunday, February 2, the agency said it has launched an investigation into the matter, and assured stakeholders that immediate action was taken to assess and mitigate any risks. 

"The Business Registration Service (BRS) is aware of reports regarding a potential data breach affecting the company registry’s information. Upon receiving this information, we immediately activated our Incident Response Plan, launched a comprehensive investigation, and notified the relevant regulatory authorities," a statement signed by BRS Director General Kenneth Gathuma read.

BRS noted that its cybersecurity experts are working closely with law enforcement and investigative agencies to determine the scope of the incident. 

Additionally, the agency said that the nature and extent of any compromised data are still being verified.

Read More

  1. KRA Issues Payment Alternative as eCitizen Paybill Crashes
  2. President Ruto Puts CEOs of Kenya Power, EPRA, and 32 Other Government Agencies on Notice
  3. Government Making Ksh400 Billion From eCitizen - PS Julius Bitok

"Our cybersecurity experts are working closely with our cybersecurity partner, law enforcement, and investigative agencies to assess the scope of the incident, determine any potential impact, and implement necessary containment and mitigation measures.

"At this stage, we are still verifying the details of the alleged breach, including the nature and extent of any compromised data. Once the investigation is complete, we will provide an update and directly engage with any affected parties," the statement added.

File image of BRS Director General Kenneth Gathuma (in suit) at a past event

BRS emphasized that safeguarding the security and integrity of the company registry remains a top priority, noting that it has already enhanced its security protocols to prevent future incidents.

"We want to assure all stakeholders that the security and integrity of the company registry remain our top priority. As a precautionary measure, we have strengthened our security protocols to safeguard our systems and prevent future incidents.  

"BRS remains fully committed to addressing this matter with transparency and diligence. We appreciate the patience and cooperation of all affected parties as we work towards a resolution," the statement concluded.

A social media user, Shadrack Matata, had on Friday, January 31 warned that a bug in eCitizen allowed access to data in the BRS' registry system.

"If you registered a company between 2015 and 2021 with BRS in Kenya, your data is being auctioned out there and it's very accurate. I just can't believe what I'm seeing," he warned.