The National Social Security Fund (NSSF) has firmly denied allegations of a massive 2.5-terabyte data breach, dismissing online claims of system compromise and assuring members their information is secure.
In a late-night statement issued on May 20, the NSSF said:
“We wish to assure our members that the core system, which stores member data and financial transactions, remains secure and safe.”
Hacker Claims and Technical Allegations
The breach allegations surfaced on May 19 via X (formerly Twitter) from a user operating under the alias Devman. The account claimed to have extracted 2.5TB of data from NSSF systems, allegedly by exploiting the organization’s Group Policy Object (GPO) updates and using LDAP protocols to gain access.
GPO manipulation could, in theory, allow an attacker to install malware, alter security configurations, and gain control of systems within a Windows environment.
Devman’s post further alleged access via Remote Desktop Protocol (RDP), sarcastically thanking NSSF and the Kaspersky security team for not detecting his movement through the network.
“Special thanks to @Kaspersky team for not noticing mimitaktz and my movement in general,” the hacker posted.
NSSF: No Evidence of Data Extraction
Despite the concerning claims, NSSF maintains there is no evidence of data compromise:
“Based on the findings of our ongoing investigations, there is no evidence that any personal or financial member data has been compromised or extracted,” the agency confirmed.
The fund also assured the public that its core systems and financial operations remain protected against intrusion attempts.
High Stakes for Member Privacy
As a mandatory national fund, NSSF stores sensitive personal and financial data for millions of Kenyans. Any breach could expose critical personal records, making the cybersecurity of the fund a top national concern.
Broader Context and Concerns

The breach claim comes shortly after global headlines regarding cybersecurity vulnerabilities. Notably, Australia recently banned Kaspersky software from government systems over security risks—a point referenced by the hacker in a dig at NSSF’s cybersecurity layers.
A screenshot included in the hacker’s post displayed internal ICT group names such as:
- ICT KASPERSKY [email protected]
- NOEM [email protected]
- EXCHANGE MIGRATION [email protected]
These group names suggest potential access to administrative resources, though no concrete evidence of data extraction has been publicly shared.
Final Word
As investigations continue, cybersecurity experts are urging organizations to review their identity access protocols, endpoint protection tools, and incident response procedures.
While NSSF’s statement offers reassurance, the growing frequency of such claims underscores the need for transparent security audits and public accountability—especially for institutions managing national data.








