The line between a courageous whistleblower and an opportunistic corporate extortionist is often written in the courtroom, but in the case of Benedict Kabugi, that line has completely blurred into one of the most explosive data scandals in Kenyan history.
For years, Kabugi has stood squarely at the center of a massive legal and criminal storm. He is a man viewed by some as a public interest hero and by others as a ruthless operator who tried to hold Kenya’s biggest telecommunications giant, Safaricom, and several betting firms to ransom.
The trouble began when personal information belonging to over 11.5 million Safaricom subscribers was pulled from company databases.
This was not just a list of phone numbers. It was a deeply personal, highly valuable digital footprint of millions of citizens. It contained names, identity numbers, live location data, M-Pesa financial histories, and detailed records of people’s sports betting habits.
In the modern corporate world, this kind of data is pure gold, especially for the aggressive and highly lucrative gambling industry.
Safaricom points the finger directly at Kabugi. The company claims he teamed up with two internal senior managers to harvest this data, upload it to hidden cloud accounts, and copy it onto personal computers.
According to the corporate giant, Kabugi initially tried to sell this massive database to external betting firms. When that plan failed to bring in the cash, Safaricom alleges Kabugi shifted his strategy to straight-up extortion.
They claim he demanded a staggering Sh100 million from Safaricom itself. The deal was simple: pay the money, and he would reveal how the security breach happened and promise not to leak the information any further.
Because of these heavy claims, Kabugi found himself slapped with serious criminal charges for demanding money with menaces. But Kabugi has never backed down. He completely denies any wrongdoing. He argues that he did not steal the data to get rich, but rather exposed a dangerous security failure within Safaricom that the public had a right to know about.
His legal battle has brought forward a huge conversation about corporate accountability in East Africa.
The story took a massive turn in May 2026 when the High Court actually found Safaricom liable for violating the privacy rights of its users.
The court agreed that this sensitive information had indeed leaked out into the wild betting market and ruled that Safaricom could not just blame rogue workers for its own systematic failures.
This landmark judgment proved that Kabugi was right about the existence of the leak, and it forced Safaricom to pay damages to affected subscribers.
This court victory gave Kabugi’s supporters plenty of fuel to call him a hero who forced a powerful corporation to face accountability.
