Kenya’s National Social Security Fund (NSSF) has been at the center of a cybersecurity storm after reports emerged that hackers infiltrated its systems and stole 2.5 terabytes of sensitive data. The alleged NSSF hack, claimed by a hacking group called Devman, sparked widespread panic among millions of Kenyan contributors. However, NSSF has since denied any successful data exfiltration, insisting that its core systems remain secure.
What Happened?
On May 19, 2025, cybersecurity analysts at HackManac raised alarms after the Devman hacking group posted on X (formerly Twitter), claiming they had breached NSSF’s systems. The hackers allegedly:
- Stole 2.5TB of data, including member records and financial transactions.
- Modified NSSF’s Group Policy Object (GPO), allowing them to push malicious updates across the network.
- Gained access via LDAP (Lightweight Directory Access Protocol), the protocol used to query and authenticate against directory services such as Microsoft Active Directory.
- Demanded a $4.5 million (KSh 579 million) ransom, threatening to leak the data within 24 hours if it was not paid.
NSSF’s Response: No Evidence of Data Theft
In an official statement on May 20, 2025, NSSF acknowledged an attempted cyberattack but dismissed claims of a full-scale breach:
“We wish to inform our members that there was an attempted intrusion targeting our image storage system. However, our core system—which stores member data and financial transactions—remains secure. Ongoing investigations show no evidence of data compromise.”
Key points from NSSF’s response:
- Only an auxiliary system (image storage) was targeted, not the main database.
- No personal or financial data was accessed or stolen, per preliminary findings.
- The Fund is working with cybersecurity experts and law enforcement to investigate.
Why the Conflicting Reports?
The discrepancy between HackManac’s claims and NSSF’s denial raises questions:
- Possible Misinformation? – Hackers often exaggerate breaches to pressure victims into paying ransoms.
- Limited Scope? – The attack may have been contained before critical data was accessed.
- Ongoing Investigation? – NSSF’s forensic team may still be assessing the full impact.
Could This Be a Ransomware Attack?
The Devman group’s tactics resemble a ransomware attack, where hackers:
- Encrypt or steal data and demand payment for its release.
- Threaten public leaks to increase pressure (as seen in recent attacks on Morocco’s CNSS).
However, NSSF has not confirmed any system lockdowns or data encryption, suggesting the attack may have been interrupted before full execution.
What Should NSSF Members Do?
While NSSF assures members their data is safe, it’s wise to take precautions:
- Monitor financial accounts for suspicious activity.
- Enable two-factor authentication where possible.
- Watch for phishing emails pretending to be from NSSF.
Bigger Picture: Rising Cyber Threats in Africa
This incident follows a wave of cyberattacks on African social security funds:
- Morocco’s CNSS suffered a massive breach in April 2025, exposing 2 million employees’ data.
- Egypt’s National Social Insurance Authority faced similar threats recently.
Experts warn that government and financial institutions are prime targets due to weak cybersecurity infrastructure and high-value data.
Final Verdict: Was There a Breach?
As of May 23, 2025, NSSF maintains that no data was stolen, but the situation remains under investigation. Key takeaways:
✅ Core systems unaffected – Financial and member data reportedly safe.
⚠️ Attack attempt confirmed – Hackers targeted an auxiliary system.
🔍 More updates expected – NSSF promises further transparency.
Stay Updated
We’ll continue monitoring this story. Bookmark this page for the latest developments on the NSSF hack.