Justice Bahati Mwamuye awarded each petitioner KSh900,000 in general damages, bringing the total compensation to KSh9.9 million, excluding interest and legal costs. The court further directed that the amount would continue attracting interest until full payment is made.
The judge also ordered Safaricom to bear the costs of the petition filed by Austin Taabu and 10 other complainants who accused the company of failing to adequately protect sensitive subscriber information.
The case centered on allegations that personal information belonging to more than 11.5 million subscribers was exposed between 2018 and 2019 in one of Kenya’s most high-profile data privacy disputes.
Subscriber data breach allegations detailed in court
Court documents indicated that the petitioners accused rogue employees of orchestrating unauthorized access to subscriber records before allegedly sharing the information with external parties, including betting firms, for financial gain.
The complainants argued that Safaricom failed in its duties as a data controller by not putting in place sufficient safeguards to prevent internal misuse of customer information.
According to evidence presented before the court, WhatsApp conversations involving some employees allegedly pointed to widespread access to confidential customer records without proper oversight or restrictions.
The petitioners, represented by Mola Kimosop Advocates, maintained that the incident reflected broader systemic failures within the company’s data security framework rather than an isolated breach.
The lawsuit cited violations of Articles 28, 31(c) and 46 of the Constitution, which protect the rights to human dignity, privacy and consumer protection.
The court heard that sensitive subscriber information, including geolocation details, betting activity and financial records, was allegedly accessed and exploited without customer consent.
Justice Mwamuye concluded that Safaricom had infringed upon the constitutional rights of the petitioners and awarded damages in their favor.
