Nairobi — Kenya Airways (KQ) last month faced a cyber attack where an unauthorized actor tried to access the airline's systems.
According to sources, however, the attackers managed to obtain limited information that included identity documents, telephone numbers, investigation reports, and email addresses.
The actor then demanded a ransom from KQ, which was declined.
KQ recently informed the Office of Data Protection Commissioner (ODPC) of the incident in line with the transparency policy and the Data Protection Act protocols.
Individuals whose limited information was accessed were contacted and engaged.
After the incident, the airline's technology security professionals adopted precautionary measures to prevent future attacks.
Cyberattacks are a common occurrence across many sectors, and Kenyan companies, like other businesses globally, are not immune to these attacks.
Kenya has in place data protection legislation amidst rising cyber security concerns.
The Data Protection Act of November 8, 2019, safeguards individuals' privacy and prevents unauthorized access, circulation, and disclosure of personal data through any medium.
Breaches by individuals carry severe penalties from the ODPC.
The act outlines offenses that include accessing personal data without proper authorization, disclosing it to third parties, or attempting to sell such data obtained through breaches.
Those found guilty may face penalties including fines up to three million shillings, imprisonment for up to ten years, or both.