Huge price firms pay for data breach

It was not the first case of a suit related to the data breach.In 2021, Amazon's financial records revealed that officials in Luxembourg issued $877 million (Sh105.24 billion) for breaches of the General Data Protection Regulation (GDPR), according to the cybersecurity website CSO.

Security law

The website claimed that the fine "is believed to involve cookie consent." CSO also reported that Chinese ride-hailing firm Didi Global had to pay $1.19 billion (Sh132.8 billion) after the Cyberspace Administration of China "decided that the company violated the nations' network security law, data security law, and personal information protection law".

After a three-year investigation, WhatsApp was fined $255 million (Sh30.6 billion) in August 2021 for a series of GDPR cross-border data protection infringements in Ireland.

Dr Bright Gameli, a cyber-security engineer and researcher, says abuse of subscriber data is a common practice for companies that feel they have a way around Data Protection Commission's rules.

"People get scammed a lot of times. Phishing has become rampant due to data going to the wrong people. Data is a priceless asset that is now prone to rampant misuse," he says.

According to the Data Protection Act 2019, the illegal selling of data may attract a fine not exceeding Sh3 million or an imprisonment term not exceeding ten years, or both.