Kenya said Thursday that its digital platform e-Citizen, responsible for government services and housing citizens’ sensitive personal data, suffered a cyberattack Thursday.
Information and Communication Technology (ICT) Cabinet Secretary Eliud Owalo, who confirmed the attack at a press briefing in Nairobi, said the authorities were working to restore the crucial government services.
The hacking occurred on Thursday and was accompanied by a claim of responsibility from a Sudanese hacking group called “Anonymous Sudan.”
The group suggested that their actions were in retaliation for Kenya’s alleged interference in Sudan’s internal affairs, noting that it was in response to Kenya’s alleged “statements casting doubts on the sovereignty of the Sudanese government.”
Kenya’s e-Citizen portal is a vital platform for registering and managing personal data including passports, identity cards, driver’s licenses, permits and business registration.
Owalo confirmed the cyberattack as being carried out by the group, asserting that no data was compromised or lost during the incident, which impacted several services.
The Kenyan government has assured the public that it is taking immediate measures to address the security breach and strengthen the portal’s defenses against future cyber threats.
According to an ICT Ministry statement, the temporary disruption was caused by a cyberattack on the platform utilizing a technique known as a distributed denial-of-service (DDoS) attack.
The Ministry of Foreign Affairs said that due to the challenges facing the e-Citizen platform, it has resorted to issuing visas to all foreigners traveling to Kenya on arrival.
“Travelers will be issued visas upon arrival at all entry points to Kenya. The government also wishes to advise all airlines to onboard travelers destined to Kenya.”
According to the government, the e-Citizen online portal provides access to over 5,000 services from more than 100 ministries, counties, departments and agencies.
Kenya’s National Transport and Safety Authority (NTSA), Kenya Power and Lighting Company (KPLC) and Kenya Railways were among the companies that declared service disruptions due to the cyberattack.