A threat actor using the alias “Kazu” has published a 9GB dataset allegedly belonging to the Kenya Medical Practitioners and Dentists Council (KMPDC), the regulatory authority overseeing medical and dental practice in Kenya. The actor shared the data on a dark web forum.
No ransom or monetary demand accompanied the post, indicating that the leak was likely motivated by notoriety or public disclosure rather than extortion.
The post by Kazu contained only a brief statement and a direct download link, suggesting the actor intended to release the data freely rather than sell it.
While the forum post did not specify the nature of the exposed files, given the KMPDC’s regulatory role, the compromised dataset could potentially include:
- Medical practitioner registration details (names, license numbers, qualifications).
- Professional identification records (doctors, dentists, and interns).
- Administrative communications and compliance documentation.
The file size, 9GB, indicates a significant volume of sensitive regulatory and personal data that could have wide-reaching implications for Kenya’s healthcare sector.
Disclaimer: This report is based on open-source intelligence (OSINT) and dark web monitoring. CyHawk Africa has not independently verified the authenticity of the claimed data. The report is intended solely for cybersecurity awareness and situational intelligence purposes.