MMC Africa sells themselves as one of the most reputable corporate law firms in Africa with an international byline. In Kenya, they’re being retained by major corporate firms, Safaricom is one of their biggest clients.
MMC Africa was representing the late Bob Collymore and Safaricom in many cases including numerous cases with Blogger Cyprian Nyakundi. The endless cases ended up in the blogger suing the company over harassment. He argued that the company was using its financial muscles to harass him with cases and also arrests.
MMC Africa is currently under fire over its involvement in a tender scam where half a billion is under question over their retain services to NHIF, a scandal ridden parastatal.
Now, Safaricom is currently faced with a potential Sh115Trillion class action suit which by all evidences, could’ve been avoided. You see, Safaricom employees had allegedly stole data of 11.5M customers and hawking it around like peanuts, the employees had even approached firms like Sportpesa to sell this data to.
Not so many people take data breach with the seriousness it deserves, more so in Kenya. The data in question has crucial bio analysis of customers that would put their personal security in danger. Data held spending pattern, physical locations name it. Politicians and even religious leaders like Muslims who don’t condone gambling, had their data leaked. You can imagine the damage this would hold if this data was made public.
Initially, Safaricom through legal advice of MMC Africa had refuted data leakage, in fact the petitioner in their case a Mr. Benedict had to be arrested alongside his accomplices who were Safaricom’s employees. While Benedict thought he had covered all his tracks during the case by reporting everything to the DCI, things didn’t go as planned.
Having obtained the data from Safaricom employees, Benedict after weighing, reported the matter to the DCI in Parklands, he was promptly connected to the bully DCI unit at Safaricom.
They organized a meeting, actually, the DCI agent attached to Safaricom ignored Benedict who’s job was to connect the Safaricom employees to potential clients for the stolen data. Knowing what was at stakes. Benedict approached Safaricom executives directly.
A negotiation process ensued, Benedict was not to leak this info to the public. The executives asked for time to process and deliver a deal. Benedict was paid Sh50,000 via Mpesa which is documented in the court evidence. This money was for them ‘for the weekend’ in plain streets language, this was a bribe.
He was to be compensated so the story could be killed, another bargain was for Benedict to help the company to trail and nab the internal staff who was leaking the data.
Things took a different turn, after consultations with MMC Africa the law firm, Safaricom decided to lodge criminal investigations against Benedict who would then be arrested on several occasions before using him to trap the insiders. He was forced to collaborate with the Safaricom’s HQ based detectives. He has since lodged a case against them over harassment.
Benedict who’s the petitioner, was accused of demanding money in menace, the Sh300M that they had negotiated with Safaricom executives, we can’t a certain these claims. In fact according to publications, it was the Safaricom’s executives who had given him a blank check to sign.
Initially, on 8th July, 2019, Daniel Ndamba a Safaricom’s executive in an affidavit drawn by Safaricom’s client MMC Africa, denied having any knowledge of data breach in the suit. All along they vehemently denied any breach and accused the petitioner and his accomplices of conniving to defraud the company.
Fast forward to 9th September, 2019 in a verifying affidavit drawn by MMC Africa in response to a plaint dated the same day, Daniel Ndamba admitted to the data breach of 11.5M Safaricom clients.
What does this therefore means? All the 11.5M clients whose data was breached need to know that an admission has been made in court by Safaricom and that they should join the suit for the breach. According to the suit, each of the client affected should be compensated for Sh10M. We’re therefore asking all Kenyans affected to demand for their money. We now have data protection law in place.