Hours after a widespread cyberattack disrupted a number of key government websites, Kenya’s Cabinet Secretary for Information, Communications and Digital Economy, William Kabogo, has assured the public that no data was accessed, altered or lost.

In a statement released on Monday, 17 November 2025, Kabogo said the hack caused only a temporary outage. He explained that while users could not access affected websites earlier in the day, all the defaced platforms have now been fully restored.

“A number of government websites experienced a temporary outage … Our teams acted quickly, and all services are now fully restored,” Mr Kabogo said.

He added that his ministry had swiftly implemented counter-measures to secure the sites and was increasing its monitoring to try to prevent such incidents from recurring.

“The issue affected website access only. No personal or government data was accessed, altered, or lost … We applied immediate mitigation measures … We have increased monitoring to prevent similar issues,” read the statement.

What Happened in the Attack

According to reports, several ministries and agencies — including Health, Education, Labour, ICT, Environment, Tourism, Interior and even the State House — saw their websites taken offline or defaced. Pages displayed shocking and extremist messages such as “White power worldwide” and “14:88 Heil Hitler.”

In addition to these ministries, other key government offices were reportedly affected: the Immigration Department, the Directorate of Criminal Investigations, the Government Press, and more. Even county-level sites, like Nairobi County’s portal, were said to be disrupted. A spot check showed that at least the Defence and Treasury ministries appeared to remain unaffected.

At the time of Kabogo’s statement, no organisation had claimed responsibility for the attack, and no attribution had been confirmed.

Why This Attack Matters

The defacement of government websites is deeply concerning — not just because of the extremist slogans, but because so many public services now rely on digital infrastructure. When nationals turn to online portals for vital information, any prolonged downtime can disrupt lives.

Cybersecurity experts say that the absence of a confirmed data breach is reassuring. However, they warn that even if data was not exfiltrated, defacement attacks can be a first step in probing system vulnerabilities.

One Nairobi-based analyst said: “It’s good news that Kabogo says no data was lost — but the government must conduct a full forensic review. If this was just a dry run, more serious attacks could follow.”

Past Warnings Echo Back

This is not the first time Kenyan government systems have come under cyberattack. In 2023, a Sudanese hacker collective claimed responsibility for breaching several major Kenyan sites, including e-Citizen, in what it called retaliation for Kenya’s alleged meddling in Sudanese affairs.

That earlier case ended with renewed focus on cyber defences, but today's breach suggests the risk remains high.

What Comes Next

The Ministry says it has bolstered its technical teams and is working round-the-clock to assess vulnerabilities. For the public, the key takeaway is reassurance: according to the government, their private data has not been compromised — but vigilance remains crucial.

“It’s not enough just to restore sites,” said one cyber policy expert. “We must safeguard systems longer term and build public trust in our digital services.”