Ramana Tech School

A data breach that went unreported. On 31st Oct 2021, @SafaricomPLC lost 35 million customers data to an unknown hacker, not knowing what to do, they fixed one of its ex-employee who eventually won the case as there was no evidence. Does anyone know about it? And are you aware that if you lost your data, it is your right to ask Safaricom why the #Safaricom35MDataBreach was never reported? #DataBreach #safaricom We have evidence, check the image attached which shows the scale of this issue. You can find all the evidence and court docs in this google drive link: drive.google.com/file/d/1PDcnnr… We are not sharing some evidence here, as it has customers Personal Identifier Information. We will mask and share it. Background: - Safaricom lost 35 million customers data - Reported to DCI - DCI arrested Mr. Sai at airport without any evidence - Filed three charges, which alleged that Mr. Sai was involved in data breach and demanded 800,000 USD - Dismissed him Prosecution Case Details: 6 witnesses from Safaricom and 2 witnesses from DCI represented the case - Witness1 said they received 1 million customers data hacked over an email. Confirmed it was safaricom data. Confirmed that none of the emails originated from Mr. Sai - Witness2 has no evidence, just came to court to prese - Witness3 has no evidence, just came to court to say he was line manager - Witness4 has no evidence, confirmed that it is work of suspected hacker, as systems can be hacked - Witness5 alleged that Mr. Sai accessed server during the data breach, but did not provide any logs to confirm, just put some editable excel sheets - Witness6 data expert confirmed to court that he is not aware of source of data analyzed - Witness7, Forensic expert from DCI lab confirmed that Mr. Sai Phone & laptop have no connection to the server and data breach. He is not aware of the contents of files analyzed - Witness8, Investigation officer from DCI, said he has never seen the server breached, does not have chain of custody for data & server, and he does not have any evidence against Sai Defense case details: - Defense has shown to court that emails originated from USA & Netherlands while Mr. Sai was in India - Proved to court that prosecution manipulated the reports - Explained to court that if Mr. Sai's phone and laptop have no connection to the data breach, he is no where involved in the data breach - Explained to the court if data breach had really happened, it must have been reported to Data Protection Office within 72 hours, which Safaricom never did Judgment: Acquittal of the Claimant by Milimani Lower Courts: - On April 30th, 2024, the claimant was acquitted , with the main reasons for acquittal outlined as follows: - Incomplete Investigations: The investigations conducted were deemed incomplete, suggesting a lack of thoroughness in gathering evidence or exploring all relevant avenues. - Manipulated Prosecution Reports: Specific concerns were raised regarding the manipulation of prosecution reports. This casts doubt on the reliability and integrity of the evidence presented against the claimant. - Failure to Call Critical Witnesses: Critical witnesses were not called upon during the proceedings, potentially depriving the claimant of vital testimony in their defense. - Lack of Investigation into Other Staff Members: Notably, other staff members of the data science team were not thoroughly investigated, raising questions about the fairness and comprehensiveness of the investigative process. Other imp details: - Safaricom lost Mpesa, Call data records, personal details to a hacker - Safaricom without consent from their customers used their information in court. Perhaps, those customers can take action on Safaricom - Server still remains unknown as the Investigation officer himself has never seen it Logically does it make sense: - Investigation officer has never seen/secured the server breached - Forensic expert has not found any evidence in Mr. Sai Laptop & Phone - Data Expert confirms that he is unaware of data source - Cyber expert confirms that the server had no internet without which data cannot be breached - Head of ethics and compliance said that this is work of Suspected hacker as Safaricom systems can be hacked - Head of BI said that he suspected Mr. Sai might have done the data breach, so lied to him that it was meeting and got him arrested Let me know what your comments are and what should we do to make sure this wont happen again.

A data breach that went unreported. On 31st Oct 2021, @SafaricomPLC lost 35 million customers data to an unknown hacker, not knowing what to do, they fixed one of its ex-employee who eventually won the case as there was no evidence. Does anyone know about it? And are you aware that if you lost your data, it is your right to ask Safaricom why the #Safaricom35MDataBreach was never reported? #DataBreach #safaricom We have evidence, check the image attached which shows the scale of this issue. You can find all the evidence and court docs in this google drive link: drive.google.com/file/d/1PDcnnr… We are not sharing some evidence here, as it has customers Personal Identifier Information. We will mask and share it. Background: - Safaricom lost 35 million customers data - Reported to DCI - DCI arrested Mr. Sai at airport without any evidence - Filed three charges, which alleged that Mr. Sai was involved in data breach and demanded 800,000 USD - Dismissed him Prosecution Case Details: 6 witnesses from Safaricom and 2 witnesses from DCI represented the case - Witness1 said they received 1 million customers data hacked over an email. Confirmed it was safaricom data. Confirmed that none of the emails originated from Mr. Sai - Witness2 has no evidence, just came to court to prese - Witness3 has no evidence, just came to court to say he was line manager - Witness4 has no evidence, confirmed that it is work of suspected hacker, as systems can be hacked - Witness5 alleged that Mr. Sai accessed server during the data breach, but did not provide any logs to confirm, just put some editable excel sheets - Witness6 data expert confirmed to court that he is not aware of source of data analyzed - Witness7, Forensic expert from DCI lab confirmed that Mr. Sai Phone & laptop have no connection to the server and data breach. He is not aware of the contents of files analyzed - Witness8, Investigation officer from DCI, said he has never seen the server breached, does not have chain of custody for data & server, and he does not have any evidence against Sai Defense case details: - Defense has shown to court that emails originated from USA & Netherlands while Mr. Sai was in India - Proved to court that prosecution manipulated the reports - Explained to court that if Mr. Sai's phone and laptop have no connection to the data breach, he is no where involved in the data breach - Explained to the court if data breach had really happened, it must have been reported to Data Protection Office within 72 hours, which Safaricom never did Judgment: Acquittal of the Claimant by Milimani Lower Courts: - On April 30th, 2024, the claimant was acquitted , with the main reasons for acquittal outlined as follows: - Incomplete Investigations: The investigations conducted were deemed incomplete, suggesting a lack of thoroughness in gathering evidence or exploring all relevant avenues. - Manipulated Prosecution Reports: Specific concerns were raised regarding the manipulation of prosecution reports. This casts doubt on the reliability and integrity of the evidence presented against the claimant. - Failure to Call Critical Witnesses: Critical witnesses were not called upon during the proceedings, potentially depriving the claimant of vital testimony in their defense. - Lack of Investigation into Other Staff Members: Notably, other staff members of the data science team were not thoroughly investigated, raising questions about the fairness and comprehensiveness of the investigative process. Other imp details: - Safaricom lost Mpesa, Call data records, personal details to a hacker - Safaricom without consent from their customers used their information in court. Perhaps, those customers can take action on Safaricom - Server still remains unknown as the Investigation officer himself has never seen it Logically does it make sense: - Investigation officer has never seen/secured the server breached - Forensic expert has not found any evidence in Mr. Sai Laptop & Phone - Data Expert confirms that he is unaware of data source - Cyber expert confirms that the server had no internet without which data cannot be breached - Head of ethics and compliance said that this is work of Suspected hacker as Safaricom systems can be hacked - Head of BI said that he suspected Mr. Sai might have done the data breach, so lied to him that it was meeting and got him arrested Let me know what your comments are and what should we do to make sure this wont happen again.

A data breach that went unreported. On 31st Oct 2021, @SafaricomPLC lost 35 million customers data to an unknown hacker, not knowing what to do, they fixed one of its ex-employee who eventually won the case as there was no evidence. Does anyone know about it? And are you aware that if you lost your data, it is your right to ask Safaricom why the #Safaricom35MDataBreach was never reported? #DataBreach #safaricom We have evidence, check the image attached which shows the scale of this issue. You can find all the evidence and court docs in this google drive link: drive.google.com/file/d/1PDcnnr… We are not sharing some evidence here, as it has customers Personal Identifier Information. We will mask and share it. Background: - Safaricom lost 35 million customers data - Reported to DCI - DCI arrested Mr. Sai at airport without any evidence - Filed three charges, which alleged that Mr. Sai was involved in data breach and demanded 800,000 USD - Dismissed him Prosecution Case Details: 6 witnesses from Safaricom and 2 witnesses from DCI represented the case - Witness1 said they received 1 million customers data hacked over an email. Confirmed it was safaricom data. Confirmed that none of the emails originated from Mr. Sai - Witness2 has no evidence, just came to court to prese - Witness3 has no evidence, just came to court to say he was line manager - Witness4 has no evidence, confirmed that it is work of suspected hacker, as systems can be hacked - Witness5 alleged that Mr. Sai accessed server during the data breach, but did not provide any logs to confirm, just put some editable excel sheets - Witness6 data expert confirmed to court that he is not aware of source of data analyzed - Witness7, Forensic expert from DCI lab confirmed that Mr. Sai Phone & laptop have no connection to the server and data breach. He is not aware of the contents of files analyzed - Witness8, Investigation officer from DCI, said he has never seen the server breached, does not have chain of custody for data & server, and he does not have any evidence against Sai Defense case details: - Defense has shown to court that emails originated from USA & Netherlands while Mr. Sai was in India - Proved to court that prosecution manipulated the reports - Explained to court that if Mr. Sai's phone and laptop have no connection to the data breach, he is no where involved in the data breach - Explained to the court if data breach had really happened, it must have been reported to Data Protection Office within 72 hours, which Safaricom never did Judgment: Acquittal of the Claimant by Milimani Lower Courts: - On April 30th, 2024, the claimant was acquitted , with the main reasons for acquittal outlined as follows: - Incomplete Investigations: The investigations conducted were deemed incomplete, suggesting a lack of thoroughness in gathering evidence or exploring all relevant avenues. - Manipulated Prosecution Reports: Specific concerns were raised regarding the manipulation of prosecution reports. This casts doubt on the reliability and integrity of the evidence presented against the claimant. - Failure to Call Critical Witnesses: Critical witnesses were not called upon during the proceedings, potentially depriving the claimant of vital testimony in their defense. - Lack of Investigation into Other Staff Members: Notably, other staff members of the data science team were not thoroughly investigated, raising questions about the fairness and comprehensiveness of the investigative process. Other imp details: - Safaricom lost Mpesa, Call data records, personal details to a hacker - Safaricom without consent from their customers used their information in court. Perhaps, those customers can take action on Safaricom - Server still remains unknown as the Investigation officer himself has never seen it Logically does it make sense: - Investigation officer has never seen/secured the server breached - Forensic expert has not found any evidence in Mr. Sai Laptop & Phone - Data Expert confirms that he is unaware of data source - Cyber expert confirms that the server had no internet without which data cannot be breached - Head of ethics and compliance said that this is work of Suspected hacker as Safaricom systems can be hacked - Head of BI said that he suspected Mr. Sai might have done the data breach, so lied to him that it was meeting and got him arrested Let me know what your comments are and what should we do to make sure this wont happen again.