Several government ministry websites were inaccessible on Monday, November 17, following a suspected cyber attack that targeted multiple critical platforms.
The affected ministries include Interior, Health, Education, Energy, Tourism, Labour, and Water, with users unable to access key online services for hours.
Visitors to the compromised websites were met with alarming messages instead of the usual content.
Among the messages displayed were phrases such as "Access denied by PCP", "We will rise again", "White power worldwide", "14:88 Heil Hitler", "You are being lied to", and "ABSA is working with us, so are your politicians".
In addition to the defaced pages, the hackers embedded a link to a Telegram channel boasting over 150 subscribers.
Read More
Elsewhere, earlier in the year, the Business Registration Service (BRS) was hacked and sensitive data obtained.
The Ministry of Information, Communications, and the Digital Economy confirmed the breach, however, noting that it was resolved.
In a statement on Thursday, February 6, ICT CS William Kabogo assured affected parties that the leaked information had been removed and permanently erased.
"The Ministry of Information, Communications, and the Digital Economy wishes to inform the public and affected parties that the recent incident involving the unauthorized disclosure of company registry information has been comprehensively addressed and conclusively resolved.
"The Ministry confirms that the unauthorized publication of information has been fully removed and permanently erased. Additionally, all Business Registration Service systems and databases have been secured, with enhanced preventive measures implemented to mitigate any future occurrences," the statement read.
Kabogo also stated that the government has reinforced cybersecurity safeguards across all government digital infrastructure to protect Kenyans' data.
"We assure the public that stringent cybersecurity safeguards have been reinforced across all government digital infrastructure assets to protect the confidentiality and privacy of Kenyans' personal data, in accordance with the Constitution of Kenya, 2010 and other relevant legislations," the statement added.
Months later, the National Social Security Fund (NSSF) addressed reports of an attempted cyber attack on its systems.
In a statement on Tuesday evening, May 20, the agency assured members and the public that no data was compromised during the incident.
NSSF confirmed that the attempted intrusion targeted its image storage system.
However, the institution maintained that its core systems, which handle sensitive member data and financial transactions, remained secure.
"We wish to assure our members that the core system, which stores member data and financial transactions, remains secure and safe. Based on the findings of our ongoing investigations, there is no evidence that any personal or financial member data has been compromised or extracted," the statement read.
