{"id":140959,"date":"2026-05-14T04:02:53","date_gmt":"2026-05-14T04:02:53","guid":{"rendered":"https:\/\/chezaspin.com\/blog\/safaricom-ordered-to-pay-sh11mn-over-massive-subscriber-data-breach\/"},"modified":"2026-05-14T04:02:53","modified_gmt":"2026-05-14T04:02:53","slug":"safaricom-ordered-to-pay-sh11mn-over-massive-subscriber-data-breach","status":"publish","type":"post","link":"https:\/\/chezaspin.com\/blog\/safaricom-ordered-to-pay-sh11mn-over-massive-subscriber-data-breach\/","title":{"rendered":"Safaricom Ordered to Pay Sh11mn Over Massive Subscriber Data Breach"},"content":{"rendered":"<p>NAIROBI, Kenya May 14 \u2013 Safaricom PLC has been dealt a major legal blow after the High Court ordered the telecommunications company to compensate 11 subscribers for violating their constitutional rights in a landmark data privacy case linked to one of Kenya\u2019s biggest alleged customer information breaches.<\/p>\n<p>In the ruling delivered by Justice Bahati Mwamuye, the court awarded each petitioner Sh900,000 in general damages, translating to a total payout of Sh9.9 million, excluding interest and legal costs.<\/p>\n<p>The judge also directed that the compensation amount will continue to accrue interest until the money is fully paid and ordered the company to bear the costs of the petition.<\/p>\n<p>The case was filed by Austin Taabu alongside 10 other complainants, who accused Safaricom of failing to protect customer data during an alleged large-scale breach said to have compromised information belonging to more than 11.5 million subscribers between 2018 and 2019.<\/p>\n<p>Court filings indicated that the petitioners alleged the breach was orchestrated through a coordinated operation involving rogue staff members who allegedly gained unauthorized access to subscriber records and shared the information with external parties, including betting companies, for profit.<\/p>\n<p>The complainants argued that Safaricom neglected its obligations as a data controller by failing to establish adequate safeguards to protect customers\u2019 private information from internal misuse.<\/p>\n<p>According to documents presented before the court, WhatsApp conversations involving some employees allegedly demonstrated widespread and unchecked access to confidential subscriber information.<\/p>\n<p>The petitioners, represented by Mola Kimosop Advocates, argued that the incident was not an isolated occurrence but reflected systemic failures within the company\u2019s data protection framework.<\/p>\n<p>They maintained that the breach violated constitutional protections relating to privacy, human dignity and consumer rights as provided under Articles 28, 31(c) and 46 of the Constitution.<\/p>\n<p>The court heard that sensitive personal details, including financial records, betting activity and geolocation data, were allegedly accessed and exploited without subscribers\u2019 consent or sufficient security measures.<\/p>\n<p>Justice Mwamuye ultimately found that Safaricom had infringed on the constitutional rights of the petitioners and awarded damages in their favour.<\/p>","protected":false},"excerpt":{"rendered":"<p>NAIROBI, Kenya May 14 \u2013 Safaricom PLC has been dealt a major legal blow after the High Court ordered the telecommunications company to compensate 11 subscribers for violating their constitutional rights in a landmark data privacy case linked to one of Kenya\u2019s biggest alleged customer information breaches. In the ruling delivered by Justice Bahati Mwamuye, [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-140959","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts\/140959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/comments?post=140959"}],"version-history":[{"count":0,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts\/140959\/revisions"}],"wp:attachment":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/media?parent=140959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/categories?post=140959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/tags?post=140959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}