Editor's Review

NSSF confirmed that the attempted intrusion targeted its image storage system. 

The National Social Security Fund (NSSF) has addressed reports of an attempted cyber attack on its systems. 

In a statement on Tuesday evening, May 20, the agency assured members and the public that no data was compromised during the incident. 

NSSF confirmed that the attempted intrusion targeted its image storage system.  

However, the institution maintained that its core systems, which handle sensitive member data and financial transactions, remained secure. 

"We wish to assure our members that the core system, which stores member data and financial transactions, remains secure and safe.

Read More

  1. NSSF Partners With Chinese Company to Bid for Rironi-Mau Summit Road Project
  2. We Project to Have Over Ksh1 Trillion in Domestic Savings by 2027 - Ruto
  3. NSSF is Not a Tax - COTU Defends NSSF Act, Warns Against Politicization

"Based on the findings of our ongoing investigations, there is no evidence that any personal or financial member data has been compromised or extracted," the statement read.

File image of NSSF CEO David Koross

This comes months after the Business Registration Service (BRS) was hacked and sensitive data was obtained.

The Ministry of Information, Communications, and the Digital Economy later confirmed the breach, however, noting that it was resolved.

In a statement on Thursday, February 6, ICT CS William Kabogo assured affected parties that the leaked information had been removed and permanently erased. 

"The Ministry of Information, Communications, and the Digital Economy wishes to inform the public and affected parties that the recent incident involving the unauthorized disclosure of company registry information has been comprehensively addressed and conclusively resolved. 

"The Ministry confirms that the unauthorized publication of information has been fully removed and permanently erased. Additionally, all Business Registration Service systems and databases have been secured, with enhanced preventive measures implemented to mitigate any future occurrences," the statement read.

Kabogo also stated that the government has reinforced cybersecurity safeguards across all government digital infrastructure to protect Kenyans' data.

"We assure the public that stringent cybersecurity safeguards have been reinforced across all government digital infrastructure assets to protect the confidentiality and privacy of Kenyans' personal data, in accordance with the Constitution of Kenya, 2010 and other relevant legislations," the statement added.