Kenya’s National Social Security Fund (NSSF) has reportedly suffered a ransomware breach, with attackers demanding $4.5 million to prevent the exposure of stolen data on the dark web.
The hacking group identified as “Devman” has claimed responsibility, alleging it exfiltrated 2.5 terabytes of sensitive data from NSSF systems.
Top Tech became aware of the incident following an image posted by threat intelligence tracker HackManac on X (formerly Twitter). The image appeared to show a ransom note from the attackers, stating: “All devices locked. 2.5TB of data stolen. The victim has 24h to contact us before the name is revealed. Info on /nssf.html.”
The note directly identified Kenya’s NSSF as the victim and issued a 24-hour deadline to initiate contact, threatening to leak the data on the dark web if no communication was made.
NSSF Kenya is a state-run pension scheme responsible for collecting and managing retirement contributions from employers and employees. The organization also provides retirement, disability, and survivor benefits, and invests in diverse sectors to ensure the financial security of its members.
The breach raises significant concerns over the potential exposure of personal and financial data belonging to Kenyan citizens. If confirmed, the leak could result in serious privacy violations and widespread identity-related crimes.
Government agencies across Africa continue to face rising cyber threats.
Within the past month, similar cyber incidents have targeted Morocco’s National Social Security Agency, Egypt’s National Social Insurance Authority, and South African Airways.
Authorities in Kenya have not officially confirmed the breach or responded to the ransom claims as of the time of writing.
About Author
