KENYA : The Micro and Small Enterprise Authority (MSEA) of Kenya has reportedly been hacked.
Hackers are reportedly leaking sensitive government data onto the Dark Web following the successful cyberattack and offering live access to MSEA’s backup data.
According to screengrabs shared online, the hackers are also offering access to the agency’s SQL dump, selling the backend for Ksh12,950,000 (USD 100,000).
The incident has raised questions and concerns over the security of critical government and financial information.
MSEA, a government agency tasked with supporting micro and small enterprises, is now facing a potential crisis as private data, including internal records and system access.
According to the shared screengrabs, the hackers claim to have much more private data, along with access to the systems.
Further, the hacker has referenced the security of NLSBanking.com, which is responsible for providing financial software solutions to over 20 financial institutions across Africa and Asia.
These institutions, including notable banks like Nic Bank, National Bank of Kenya, and Sidian Bank, use NLS Banking’s software to manage various banking services such as Internet, mobile banking, ATM, pos services, and credit services.
The selling of such sensitive data could compromise not only the privacy of MSEA clients but also the integrity of the financial services provided across various institutions in Africa.
This is not the First such incident, in a separate incident, a hacker took over the X account of the Ministry of Health (MoH) on Sunday, September 1, publishing posts on behalf of the ministry.
The unknown hackers posted that the ministry’s PS Mary Muthoni Muriuki and other members of the health fraternity were seeking contributions from Kenyans.
Across the Boarder, The Bank of Uganda (BoU) is investigating a reported cyber heist where hackers, allegedly from a Southeast Asian group called "Waste," breached the central bank's IT infrastructure and allegedly stole $17 million (Shs 62.4 billion) from the Treasury account.
The incident, which occurred approximately two weeks ago, has prompted President Yoweri Museveni to direct the Defence Intelligence and Security (DIS) to take over the investigation from the Criminal Investigations Directorate (CID), while the bank has engaged a top audit firm to assess the extent of the breach and recommend new controls.
The incident raises concerns about cybersecurity at Uganda's central bank, particularly given the leadership vacuum created by the absence of a substantive governor for almost three years, with Dr. Michael Atingi-Ego serving simultaneously as governor, deputy governor, and BoU chairperson.
Sources suggest possible collusion between BoU staff and officials from the Ministry of Finance's Treasury department and Accountant General's office, though Ministry spokesperson Jim Mugunga has expressed skepticism about such a large sum being compromised.
This breach comes despite the bank's recent efforts to strengthen cybersecurity, including a workshop conducted last May in collaboration with the Macroeconomic & Financial Management Institute of Eastern and Southern Africa (MEFMI).