Kenya’s National Social Security Fund (NSSF) has denied claims that its systems were compromised, following reports of a ransomware group demanding a $4.5 million payment to prevent the publication of stolen data.
In an official press statement dated May 20, 2025, the state agency acknowledged an attempted intrusion targeting its image storage system but confirmed that no personal or financial member data had been accessed or extracted.
“Based on the findings of our ongoing investigations, there is no evidence that any personal or financial member data has been compromised or extracted,” the NSSF said in its statement.
The agency further assured stakeholders that its core systems, which manage member records and financial transactions, remain secure and fully operational.
This response comes after the ransomware group “Devman” claimed responsibility for the alleged breach. The group asserted it had exfiltrated 2.5 terabytes of sensitive data and issued a 24-hour ultimatum for NSSF to respond, threatening to release the data on the dark web.
The institution reiterated its commitment to upholding high standards of data protection, integrity, and transparency amid growing concerns about cybersecurity threats targeting public institutions across Africa.
About Author
