PhreeNewsPhreeNews
Notification Show More
Font ResizerAa
  • Africa
    • Business
    • Economics
    • Entertainment
    • Health
    • Politics
    • Science
    • Sports
    • Tech
    • Travel
    • Weather
  • WorldTOP
  • Emergency HeadlinesHOT
  • Politics
  • Business
  • Markets
  • Health
  • Entertainment
  • Tech
  • Style
  • Travel
  • Sports
  • Science
  • Climate
  • Weather
Reading: No Audit Trails, Expired Licences, and ‘God Mode’: How the Authorities’s HR System Collapsed
Share
Font ResizerAa
PhreeNewsPhreeNews
Search
  • Africa
    • Business
    • Economics
    • Entertainment
    • Health
    • Politics
    • Science
    • Sports
    • Tech
    • Travel
    • Weather
  • WorldTOP
  • Emergency HeadlinesHOT
  • Politics
  • Business
  • Markets
  • Health
  • Entertainment
  • Tech
  • Style
  • Travel
  • Sports
  • Science
  • Climate
  • Weather
Have an existing account? Sign In
Follow US
© 2026 PhreeNews. All Rights Reserved.
PhreeNews > Blog > Africa > Tech > No Audit Trails, Expired Licences, and ‘God Mode’: How the Authorities’s HR System Collapsed
PRESIDENT RUTO .jpeg
Tech

No Audit Trails, Expired Licences, and ‘God Mode’: How the Authorities’s HR System Collapsed

PhreeNews
Last updated: February 10, 2026 9:33 pm
PhreeNews
Published: February 10, 2026
Share
SHARE

On the planet of enterprise software program structure, the audit path is sacred. It’s the immutable digital ledger that data who modified what, and when. With out it, you don’t have a safe database; you could have an open, editable spreadsheet.

In the present day, the Kenyan Cupboard confirmed that the Authorities Human Useful resource Info System-Kenya (HRIS-Ok) – the digital spine meant to handle the general public sector workforce – was working with out this basic security mechanism, resulting in large monetary irregularities and fraud.

A chilling Cupboard dispatch launched this afternoon, detailing a particular audit of the 2024-2025 monetary yr, reads much less like a bureaucratic replace and extra like a autopsy of a whole programs structure failure. The audit uncovered “severe governance, integrity, and cybersecurity failures” that turned the nationwide payroll system right into a free-for-all for unhealthy actors.

Here’s a breakdown of the technical meltdown that allowed tens of millions of data to be altered with no hint.

The “God Mode” Vulnerability: 720 Superusers

Probably the most alarming discovering within the audit is the whole collapse of ordinary entry controls. In any safe setting, “write” entry to delicate monetary databases is strictly restricted to a handful of extremely vetted directors, ruled by inflexible Function-Based mostly Entry Controls (RBAC).

But, the federal government’s system had 720 “system editors” working with what successfully quantities to unrestricted “God Mode.”

In keeping with the Cupboard dispatch, these 720 people had the facility to change payroll data at will. Moreover, the system didn’t implement fundamental Segregation of Duties (SoD) protocols, resulting in situations the place “workers edited their very own data.”

In tech phrases, this implies the system lacked the elementary logic guidelines designed to forestall a person’s distinctive ID from modifying the wage row related to that very same ID. It’s a vulnerability that shouldn’t exist in a fundamental CRUD utility, not to mention a nationwide payroll system in 2026.

The Digital Crime Scene with No Fingerprints

How do you conceal fraud on a large scale? You flip off the cameras.

The audit revealed that these system editors altered greater than 4.7 million payroll data “with out audit trails.”

That is the smoking gun of the investigation. In fashionable ERP programs like HRIS-Ok, disabling audit logs not often occurs by chance; it normally requires deliberate administrative motion to reconfigure the system to not observe adjustments.

By making certain that UPDATE instructions triggered no corresponding log entry, the perpetrators created a digital ghost city. This deliberate architectural blind spot allowed for widespread anomalies in identification data, tax compliance, and checking account particulars to proliferate unchecked.

Infrastructure Decay: Working on Expired Software program

Compounding the lively safety breaches was a passive neglect of the system’s underlying infrastructure.

The Cupboard famous “expired ICT licences” have been flagged as main dangers. Within the cybersecurity world, working mission-critical monetary programs on expired licenses normally means working unpatched, unsupported software program. This opened the HRIS-Ok system to any variety of recognized Widespread Vulnerabilities and Exposures (CVEs) that attackers, or insiders, may exploit.

Moreover, the system was working with “weak disaster-recovery preparations” and an absence of “fundamental cybersecurity safeguards,” suggesting {that a} focused ransomware assault may have worn out authorities payroll knowledge fully with little hope of fast restoration.

The “Forensic” Paradox

The Cupboard has introduced a right away “governance reset” of HRIS-Ok, pressing ICT upgrades, and a compulsory safety certification deadline set for March 11, 2026 – barely a month away.

Nevertheless, the federal government’s promise to deploy “forensic analytics to information disciplinary and authorized motion” raises a vital technical query: If 4.7 million data have been altered with zero audit trails, what knowledge will these forensics groups analyze?

You can not carry out digital forensics on logs that don’t exist. Whereas analysts might be able to evaluate present database snapshots in opposition to older backups to establish what modified, proving who made the adjustments amongst 720 customers sharing generic or unlogged entry privileges could also be technically not possible.

The Irony: “Digitisation” as a Precedence

Maybe essentially the most bitter tablet within the dispatch comes from the 2026 Price range Coverage Assertion, additionally authorised at present. In it, the Cupboard lists “digitisation” as a prime precedence for funding within the coming monetary yr.

The federal government is successfully doubling down on its digital transformation technique on the precise second its flagship digital platform is proven to be compromised by negligence. It serves as a stark warning: funding “digitisation” is ineffective for those who don’t fund the upkeep, safety, and governance required to maintain it from turning into a device for theft.

Associated

Join Telegram!
SA’s most stunning mountaineering trails (for each health degree) to kickstart your New 12 months reset
Tusker Oktobafest Wraps Nationwide Tour in Kisumu
Paradigm Tower Ventures Finalizes Acquisition of IHS Towers in Rwanda
Google Opens Functions for tenth Cohort of Startups Accelerator Africa
Bolt Launches ‘Bolt Send’ Parcel Delivery Service in Nairobi : TechMoran
TAGGED:AuditCollapsedExpiredGodGovernmentsLicencesModesystemTrails
Share This Article
Facebook Email Print
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow US

Find US on Social Medias
FacebookLike
XFollow
YoutubeSubscribe
TelegramFollow

Weekly Newsletter

Subscribe to our newsletter to get our newest articles instantly!

Forex

Market Action
Popular News
XAI Grok GettyImages 1765893916.jpeg
Tech

X restricts Grok’s picture technology to paying subscribers solely after drawing the world’s ire

PhreeNews
PhreeNews
January 9, 2026
14 Best Hikes in Jasper National Park – Alberta Canada
Kathy Bates Blasts Critics Of Her 100-Pound Weight Loss
Cruises and canoe safaris on the Zambezi
Central Otago for meals and wine travellers: Pinot noir and past

Categories

  • Sports
  • Sports
  • Science
  • Business
  • Tech
  • Entertainment
  • Tech
  • Markets
  • Politics
  • Travel

About US

At PhreeNews.com, we are a dynamic, independent news platform committed to delivering timely, accurate, and thought-provoking content from Africa and around the world.
Quick Link
  • Blog
  • About Us
  • My Bookmarks
Important Links
  • About Us
  • 🛡️ PhreeNews.com Privacy Policy
  • 📜 Terms & Conditions
  • ⚠️ Disclaimer

Subscribe US

Subscribe to our newsletter to get our newest articles instantly!

© 2026 PhreeNews. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?