Gladys Boss Shollei, the Deputy Speaker of Kenya’s National Assembly, has clarified that recent reports of government systems being hacked were actually part of a controlled penetration testing exercise.
The operation involved hiring professional ethical hackers to probe vulnerabilities in critical public sector platforms. According to Shollei, many Kenyans genuinely believed the country had fallen victim to a real cyberattack when news first broke on social media.
The Uasin Gishu Woman Representative made the statement during a public address, explaining that the exercise aimed to strengthen digital infrastructure ahead of increasing cyber threats across East Africa.
“We deliberately brought in experts to attempt breaching our systems so we could identify weak points before malicious actors do,” Shollei said on the Citizen panel.
She emphasised that the exercise did not compromise any actual data, and all activities were under strict government supervision. The penetration test, commonly known as ethical hacking in Kenya, focused on key institutions, including the e-Citizen portal, the Huduma Center’s backend systems, and several ministry databases.
Cybersecurity analysts note that such proactive measures have become standard practice globally, especially after high-profile incidents affecting neighbouring countries.
Social media platforms exploded with concern when screenshots of alleged breach notifications began circulating last week. Hashtags related to the Kenya government hack trended nationwide as citizens worried about personal data exposure.
Many users shared experiences of being unable to access online services, unaware these disruptions formed part of the authorised testing phase. Information Communication Technology Cabinet Secretary William Kabogo had remained silent during the initial panic, leading to speculation about the severity of the situation.
Shollei’s revelation has now calmed most fears while highlighting the sophisticated nature of modern cybersecurity practices in Kenya. Cybersecurity experts interviewed welcomed the initiative, stating that ethical hacking services in Kenya remain underutilised despite rising threats.
“Government systems handle millions of records daily. Regular penetration testing is not optional anymore,” said a cybersecurity lecturer at Strathmore University.
He added that similar exercises conducted by private companies rarely make headlines because they are announced in advance.
Public reaction has shifted from alarm to shock in many quarters, with citizens acknowledging the importance of staying ahead of cybercriminals. Online discussions now focus on when the government will share the full report and what specific vulnerabilities were discovered during the ethical hacking process.
However, it is still not clear after the ministry claimed that Sh80 billion got lost in the process. Many questions still linger about whether it was black hat hacking or white hat hacking, as claimed by the deputy speaker.
The country’s position as East Africa’s digital hub makes such proactive testing essential for maintaining investor confidence and protecting citizen data.
As Kenya continues digitising public services, experts predict more of these controlled security tests will occur, though hopefully with better public communication to avoid unnecessary panic.
Gladys Shollei’s candid admission has turned what many perceived as a national crisis into a textbook example of responsible cybersecurity governance.
