Kenya’s telecommunications giant Safaricom has found itself in the middle of a growing legal storm after private efforts to resolve a major data privacy dispute failed.
The matter, which has now reached the High Court, revolves around claims that the personal information of about 11.5 million Safaricom customers was leaked and shared without their consent.
The information reportedly included names, national identification numbers, and records of betting activities that were allegedly passed on to a sports betting company.
Attempts to settle the matter quietly outside the courtroom did not succeed, forcing the issue to move into the public judicial process.
The controversy has drawn widespread attention, as it touches on one of the most sensitive issues in the digital age the safety of personal data.
According to court documents, two former Safaricom managers are accused of accessing confidential customer information and sharing it with a businessman identified as Benedict Kabugi.
It is alleged that Kabugi then attempted to sell this data to a betting firm, revealing not only contact details but also private information such as dates of birth, residential locations, and gambling histories.
Kabugi later filed a petition in court, seeking to turn the case into a class action lawsuit that would allow millions of affected customers to seek justice together.
Safaricom, however, has maintained that Kabugi himself is facing criminal charges related to the same data breach and that any information obtained illegally cannot be used in civil proceedings.
Justice W. Korir of the High Court has since ruled that the privacy petition should be put on hold until the ongoing criminal trial is concluded.
The judge emphasized that while protecting personal data is essential, it must be done within the framework of lawful evidence gathering.
The public reaction to the case has been intense, especially online.
Many Kenyans have expressed frustration over receiving frequent messages from betting sites and promotional companies they never subscribed to.
Some believe these unsolicited texts and calls could be linked to leaked personal data.
Others have shared stories of their phone numbers being added to marketing lists without permission, raising concerns that their private details might already be circulating among third-party advertisers.
Calls for accountability and compensation have flooded social media, with some users demanding that Safaricom compensate affected subscribers for violating their privacy.
Beyond individual complaints, the case has reignited national debate over data protection and corporate responsibility.
Safaricom, which serves tens of millions through its mobile network and M-Pesa services, holds a massive amount of sensitive user data.
Previous reports have already hinted at internal breaches involving rogue employees selling customer information to outsiders.
This latest scandal only deepens the public’s concern about whether telecom companies are doing enough to keep user information secure.
The outcome is expected to influence future legal standards for handling personal data in Kenya.
The ruling could shape how companies, not just in telecommunications but across other industries, are held accountable for privacy violations.
For now, affected customers have been urged to stay alert, track unusual activity on their accounts, and report suspicious transactions.
The unfolding case has become more than a dispute between a company and individuals it is a wake-up call about the urgent need to protect personal information in a country where digital connectivity has become a way of life.
