National Social Security Fund (NSSF) has confirmed an attempted cyber intrusion targeting its image storage system. However, the Fund has assured members, stakeholders, and the public that core systems containing sensitive financial and personal data remain secure.
In a statement on Monday, May 21, 2025, NSSF said the intrusion attempt did not affect the core infrastructure, which is responsible for storing member data and processing financial transactions. The Fund stated that there is no evidence to suggest any data was accessed or extracted by the attackers.
NSSF said its cybersecurity team, in coordination with technical experts, quickly identified and neutralized the threat before any damage could occur.
“We wish to assure our members that the core system, which stores member data and financial transactions, remains secure and safe,” the statement read in part.
Ongoing investigations are being conducted to assess the full scope of the attempted attack and to strengthen the Fund’s systems against similar threats in the future.
“There is no evidence that any personal or financial member data has been compromised or extracted,” the statement clarified.
“NSSF remains firmly committed to upholding the highest standards of data protection, integrity, and transparency.”
The Fund has reassured Kenyans that it continues to invest in robust systems and security measures to ensure data safety. It also encouraged members to remain calm and vigilant, while directing them to its Corporate Communication Department for any further inquiries.
The incident comes at a time when many government agencies are transitioning to digital platforms, raising the stakes for secure data management. NSSF has pledged to continue its efforts in safeguarding the trust of millions of Kenyans who rely on its services.
