A case involving the alleged theft of personal data belonging to 11.5 million Safaricom subscribers is set to proceed to a full trial before the High Court after out-of-court negotiations between the parties collapsed.
According to court filings, the stolen information included highly sensitive subscriber data, such as:
- Full names
- National ID and passport numbers
- Phone contacts
- GPS location data
- Betting and mobile money transaction histories
The data breach is alleged to have been orchestrated by two former senior Safaricom managers, who reportedly shared the details with businessman Benedict Kabugi.
Kabugi allegedly intended to sell the massive database to a major sports betting company, but the plot was intercepted before it could be executed.
Safaricom had sought to resolve the matter privately, but talks broke down, paving the way for the High Court trial to proceed.
“The case will not only determine individual culpability but also scrutinize Safaricom’s internal data protection measures and their compliance with the Data Protection Act, 2019,” said a source close to the investigations.
The court is expected to assess the telecom giant’s cybersecurity protocols and whether adequate safeguards were in place to protect customer data from insider breaches.
The Office of the Data Protection Commissioner (ODPC) has also been monitoring the case closely, given its implications for data privacy enforcement in Kenya’s telecommunications sector.
