Safaricom’s legal troubles have deepened after a planned out-of-court settlement over a massive data breach collapsed, forcing the case to proceed to a full trial.
The matter revolves around the exposure of personal details belonging to more than 11 million customers, raising serious questions about the company’s data protection systems and accountability.
The data breach, which dates back to May 2019, involved information such as names, passport numbers, birth dates, and even M-Pesa transaction histories being accessed and allegedly sold.
This kind of personal data, if in the wrong hands, can easily be misused, leaving millions of customers vulnerable to fraud and privacy violations.
The breach was discovered after police recovered laptops from suspects in 2019, revealing how deep the exposure had gone.
Among those most affected is Benedict Kabugi, who has filed a lawsuit demanding Sh1 trillion in compensation. His argument is based on Safaricom’s alleged failure to act quickly enough to alert customers once the breach was discovered.
Kabugi’s claim translates to roughly Sh86,956 for each of the 11.5 million affected customers, a figure that could set a record in Kenya’s legal and corporate history if the court rules in his favor.
Two former Safaricom employees, Simon Billy Kinuthia and Brian Njoroge Wamatu, have also been charged in connection with the incident.
They are accused of using their access to the company’s systems to steal the data and sell it to a betting firm. The case has raised questions about how easily insiders can exploit loopholes in major companies, especially those handling sensitive financial and identity data.
Many Kenyans now wonder whether Safaricom has done enough to close those gaps and prevent similar breaches in the future.
Safaricom has maintained that it took immediate steps after the incident by reporting the matter to the Directorate of Criminal Investigations and later improving its cybersecurity measures.
However, rights groups such as the Kenya Human Rights Commission have criticized the company, saying it has continued to overlook user privacy and may still be involved in questionable data-sharing arrangements with private companies like Neural Technologies.
These partnerships, according to critics, could involve profiling of customers in ways that violate privacy laws.
The controversy has also caught the attention of lawmakers. Some senators have accused Safaricom of enabling government surveillance activities under the pretext of national security operations. They argue that such actions contribute to privacy violations and may have been used in cases involving kidnappings or human rights abuses.
With the court case now proceeding to full trial, experts believe it could have far-reaching consequences for Kenya’s digital landscape.
The outcome will likely shape how corporations handle customer data and respond to breaches in the future. It also serves as a reminder of the growing importance of digital accountability in a world where information has become as valuable as money.
For millions of Kenyans who depend on Safaricom’s services daily, the case is not just about compensation it is about trust, transparency, and the assurance that their personal data will be handled with the care it deserves.
Add Comment