The Kenya Revenue Authority (KRA) is battling a high-profile security breach after its primary customer service account on X (formerly Twitter), @KRACare, was compromised by unknown hackers.
The account, which is a critical communication channel boasting over 300,000 followers, has been seized, its handle forcibly changed to “StandsX” by the unauthorized intruders, marking a significant disruption to public engagement with the tax agency.
Urgent Public Warning on Fraudulent Activity
The breach, which came to light on Friday, has forced the KRA to issue an urgent and strong advisory to the public, warning against engaging with the now-fraudulent handle.
“Members of the public are strongly warned not to engage, share personal information or send money to any messages or posts from this account, as they are fraudulent,” read a statement released via the Authority’s verified corporate account, KRACorporate.
The KRA’s customer care account is one of the most active government channels, used daily for taxpayer support and real-time guidance.
Its compromise presents a high-risk situation, potentially exposing thousands of unsuspecting Kenyans to phishing scams and financial fraud.
Status of Internal Systems and Recovery Efforts
The KRA emphasized that the incident is strictly confined to the social media platform, with internal systems such as the crucial iTax system remain secure and unaffected.
This distinction is vital in maintaining public confidence in the core tax infrastructure.
The Authority has launched an urgent recovery process in collaboration with X’s technical team to regain full control of the platform.
Irony Amidst Cybersecurity Conference
Adding an element of irony to the situation, the high-profile cyber intrusion occurred amidst Cyber Week Africa 2025, a major international conference being hosted in Nairobi this week, dedicated to strengthening the continent’s digital security posture.
Security analysts say the timing underscores the persistent threat facing vital government communication channels, especially those with large public followings.
In the interim, the KRA has directed the public to rely exclusively on its other official, verified platforms for reliable information and assistance, including the @KRACorporate X account, its official Facebook page, and its dedicated WhatsApp line.
by Eugene okumu
