Safaricom’s Data Breach Gets Bigger

Far-Reaching Effects of Safaricom Data Breach

The massive data breach that the African telecommunications company Safaricom recently experienced saw almost 12 million gamblers’ personal information being compromised. Apparently the person who orchestrated the theft is someone inside the organisation, and they are reported to have subsequently tried to extort around $3 million from the company for keeping the data private.

A Mr Benedict Kabugi, one of the victims of this infringement, has since filed suit against the firm, and now evidence has emerged of this data loss extending into Europe too.

Safaricom Can Be Held Accountable

Additional lawsuits are to be filed soon in London and Paris. They are being introduced based on the European Union’s General Data Protection Regulation, which asserts that the transgression has impacted over 500 European citizens residing in Kenya. Because the GDPR describes exactly how the information of citizens of the EU must be protected, even beyond its borders, the lawsuits state that Safaricom can be held responsible.

Data Legitimacy Will Play a Major Role

Kabugi has stated that his case is going very slowly in court, and recently he and his legal team requested that they be able to present the actual information as proof of the compromise at the telecommunications company. The data has since been handed over and is now undergoing a review to ascertain its authenticity. The ruling that the court makes on its conformity to the rules of law may well be a deciding factor in how the Paris and London lawsuits pan out.

Safaricom Trying to Minimise Backlash

Safaricom, who are also the driving force behind the popular mobile money service M-PESA, may well be trying to take advantage of its status as one of the biggest telecommunications companies on the African continent to thwart negative legal reprisals related to the cases. Kabugi has asserted that the organisation has been putting pressure on media outlets like the Standard and Nation media groups to avoid the subject entirely. He says the firm has threatened to renege on advertising deals if they are scrutinised, and this would cause the outlets major financial damage.

Kabugi himself reportedly suffered retaliation after he submitted his initial lawsuit. It came from the hands of local police, and he was formally arrested and thrown into jail before finally getting released. He has asserted that this was a blatant attempt to get him to retract his lawsuit and that it was possible for the company to do this because they have a police unit of their own. He said that this force takes orders from the civilian CEO Michael Joseph. He went on to claim that this illegal habit is a common one in Kenya and that the Railways Corporation and the Revenue Authority for the country were also guilty of it.

When the data breach happened a huge amount of information was compromised. This included players’ full names, identification, telephone numbers, amounts that had been wagered, and more. Kabugi is claiming damages of roughly $100 000 to be paid by the organisation to each person impacted by this violation.