You remember the news back in June of 2019 when one Benedict Kabugi filed a lawsuit against market leader Safaricom accusing them of exposing personal data of up to 11 million customers? Well, in a new twist, reported by The Standard, Safaricom has accused the man of stealing the data and using it to demand a ransom.
“The petitioner’s knowledge and possession of the said data is in fact the result of criminal activities which the petitioner either fully participated in or was an accessory to,” states the company in its replying affidavit.
Mr. Kabugi had stated in his petition – The Standard reports – that he was approached by an individual who had in his possession the personal data of more than 11 million customers.
The data was from people who’d used their Safaricom lines to gamble on different betting platforms in the country. Personal information including names, numbers, IDs, gender, age, amounts gambled, and devices used were all part of the exposed data.
Safaricom’s new claim that the petitioner should be a criminal suspect in the stealing of the personal data could open up so many avenues for discussion, or even lawsuits. How safe is customer data in Kenya? These are 11 Million customers, how was all that data accessed? How sophisticated are the thieves to steal from Safaricom? And what was their motive, if they went to court accusing Safaricom a data breach?
“There is in fact cogent and overwhelming evidence by witnesses such as Charles Njuguna Kimani and Mark Billy Nderitu showing that the petitioner actively participated in the perpetration of the criminal offense that led to the possession or sighting of the data,” states Safaricom in its affidavit in part.
It’ll be interesting to see how everything pans out, in what could turn out to be a huge case people will look up to with the new data and privacy laws in Kenya.