Security Check-in Quick Hits: Data Privacy Battles, Electoral Integrity Debates, Political Hacking Scandals, Fintech Mega-Breaches, and AI Market Disruptions

For February 22, 2026

Safaricom Faces Massive Lawsuit Over Alleged Data Privacy Breach in Kenya

In a high-profile case highlighting the tensions between telecommunications companies, law enforcement, and individual privacy rights, Kenyan university student David Mokaya is demanding KSh 200 million (approximately $1.5 million) in compensation from Safaricom following his acquittal in a criminal trial. Mokaya was charged with publishing false information after allegedly posting an AI-generated image depicting President William Ruto in a coffin on social media. The case collapsed on February 18, 2026, when Magistrate Caroline Nyaguthi ruled that prosecutors failed to prove their claims and mishandled digital evidence. During the trial, it emerged that Safaricom handed over Mokaya’s subscriber details—including location data—to the Directorate of Criminal Investigations (DCI) without a court order, violating Kenya’s Data Protection Act.

Mokaya’s lawyer, Danstan Omari, has given Safaricom 48 hours to respond, threatening a constitutional petition if unmet. This incident is part of a broader pattern; in 2025, Safaricom faced a KSh 1.432 billion lawsuit over a data breach exposing 43 million customer records, including M-Pesa data and call logs. A 2024 investigation also alleged Safaricom provided unfettered access to subscriber data for security agencies, enabling tracking linked to disappearances.

This breach underscores the risks of unchecked data sharing in emerging markets, where privacy laws are often tested against national security claims. If successful, Mokaya’s suit could trigger a wave of similar claims, forcing telcos to prioritize judicial oversight. Kenyans affected by similar incidents should review their data privacy settings and consider legal recourse.

Ongoing EVM Hacking Allegations Spark Debate in India’s Electoral Landscape

Electronic Voting Machines (EVMs) in India continue to face scrutiny amid persistent allegations of vulnerability to hacking and manipulation, a debate reignited by recent social media discussions countering such claims. While no major new breaches were reported in February 2026, routine checks—like the First Level Checking in Chirang on February 20—highlight the Election Commission of India’s (ECI) efforts to maintain integrity. Critics point to historical vulnerabilities: U.S. researchers in 2010 demonstrated how brief physical access could alter results by replacing components or using pocket devices. More recently, a 2022 RTI revelation showed EVMs use reprogrammable chips, contradicting ECI claims of one-time programmable (OTP) chips, potentially enabling tampering if machines are accessed.

The ECI staunchly defends EVMs as tamper-proof, emphasizing they lack internet or Wi-Fi connectivity, making remote hacks impossible. In October 2024, Chief Election Commissioner Rajiv Kumar dismissed battery-related tampering claims in Haryana elections. Opposition parties, however, allege bias, with some calling for paper ballots. A 2018 study by U.S. experts confirmed EVMs can be rigged through various methods, fueling distrust.

This ongoing controversy erodes public confidence in democratic processes. As India prepares for future polls, stakeholders must push for transparent audits and hybrid verification systems like VVPAT to address fears without undermining efficiency.

Nasir el-Rufai Faces Cybercrime Charges Over Alleged NSA Phone Hacking

Former Kaduna State Governor Nasir el-Rufai is embroiled in a major scandal after admitting during a February 13, 2026, Arise TV interview to being involved in the unlawful interception of National Security Adviser (NSA) Nuhu Ribadu’s phone communications without a court order. The Department of State Services (DSS) has filed a three-count cybercrime charge against him, accusing him of compromising national security under Nigeria’s Cybercrimes Act. El-Rufai is set to be arraigned on February 25, 2026, at the Federal High Court in Abuja.

The admission has drawn widespread condemnation, with public figures like Reno Omokri highlighting it’s not el-Rufai’s first hacking-related controversy—they were in court over similar issues in 2020. The Economic and Financial Crimes Commission (EFCC) has also detained el-Rufai on unrelated corruption charges. Critics, including Senator Shehu Sani, call for a probe into his eight-year tenure, while former Kano Governor Abdullahi Ganduje rejects linked allegations.

This case exposes the dangers of unauthorized surveillance by political figures, potentially eroding trust in government institutions. It serves as a reminder for stricter enforcement of cyber laws to protect privacy and national security in Nigeria’s volatile political environment.

Massive Cashea Data Breach Exposes 79 Million Transactions in Venezuela

Venezuela’s fintech sector is reeling from a colossal data breach at Cashea, a popular financing app, where threat actor “malconguerra2” leaked 46.5 GB of sensitive information on February 21, 2026. The dump includes over 79 million transaction records, details from 15,227 partner businesses, and 29 million store records, enabling attackers to map user spending habits, credit limits, and commercial relationships. Cyber Threat Intelligence firm VECERT labeled it a “maximum alert,” noting it’s unconfirmed but critical for the fintech industry.

This breach fits a pattern of attacks on Venezuelan infrastructure; malconguerra2 previously leaked 420 GB from the armed forces in January 2026 and other citizen data. Amid political instability, such leaks heighten risks of identity theft, phishing, and economic espionage. Cashea has yet to issue an official statement, but users are advised to change passwords and monitor for scams.

In a country facing economic challenges, this incident amplifies calls for robust cybersecurity measures in fintech. Victims should freeze credit and report suspicious activity to mitigate fallout.

Anthropic’s Claude Code Security Triggers $15 Billion Sell-Off in Cybersecurity Stocks

The cybersecurity industry suffered a brutal market hit on February 20, 2026, after Anthropic unveiled Claude Code Security, an AI tool that autonomously scans codebases for vulnerabilities and suggests patches. Stocks plummeted, erasing nearly $15 billion in value: CrowdStrike (CRWD) dropped 6.8%, Cloudflare (NET) fell 6.7%, Okta (OKTA) declined 9.2%, and JFrog plunged 25%. Investors fear AI agents could disrupt traditional threat detection and code-review markets.

The tool, in limited preview, builds on Claude’s capabilities but remains under refinement to avoid risks. Broader AI advancements, including OpenAI’s cybersecurity moves, have pressured software stocks amid concerns over margin erosion. However, experts argue the panic may be overblown, as Claude isn’t yet a “killer app” replacing enterprise platforms.

This event signals AI’s dual role as both enhancer and disruptor in cybersecurity. Companies must adapt by integrating AI to stay competitive, while investors watch for long-term shifts in the sector.