In a cyber incident, a threat actor claims to have breached the systems of Pezesha, a prominent Kenyan financial services platform, and obtained extensive user data. Pezesha, known for enabling financial inclusion by connecting small and medium-sized enterprises (SMEs) with working capital, is now facing a potential data security crisis. The breach, allegedly executed on January 31, 2024, has resulted in the exposure of several databases containing sensitive user information.
Details of the Alleged Breach
The hacker asserts that the compromised data includes seven distinct databases encompassing a wide range of user information and financial records. The exposed data reportedly includes:
- National ID Numbers: 1,122,000 unique entries
- Phone Numbers: 328,000 unique entries
- Photo IDs: 4,535 files
- Additional Data: SMS notifications, documents, personal data, and loan applications
The total dataset is being offered for sale at $300, with the hacker indicating a one-hand sale policy.