Personal and health data of M-TIBA users are at risk after the platform reportedly suffered a major data breach, exposing sensitive user information to potential misuse.

In a statement on October 29,  the Office of the Data Protection Commissioner (ODPC) said it is aware of media reports that the mobile health-wallet platform M-TIBA may have experienced a cyber-incident involving the potential exposure of personal and health data of users.

“Our priority is to protect the rights of all data subjects-particularly given the sensitivity of health-related information-and ensure that appropriate action is taken in accordance with the Data Protection Act 2019 and its accompanying regulations,” ODPC said.

“At this stage, the ODPC is actively engaging with the Data Processor, M-TIBA and other stakeholders to establish the full facts of the situation.”

A threat actor,self identified as “Kazu” claims to have stolen a database from M-TIBA sized at 2.15TB containing over 17 million files.

The hacker group is reportedly offering the data for sale in dark web forums.

Also Read:Duale Clarifies What’s in the New Health Bill

According to the sample shared(about 2 GB),the leak allegedly contains data for like 114000 users including both account holders and beneficiaries.

The full dataset is claimed to affect upto 4.8 million users of M-TIBA.

Also Read:Bill Gates Partners with KEMRI in KSh516 Million Health Project

The leaked content reportedly includes extremely sensitive data:Full names, national ID numbers, phone numbers,dates of birth, medical diagnosis, billing records and information from about 700 health facilities.

What remains unknown is how the breach occurred,the vector is not publicly disclosed if the breach is authentic.

More to Follow…