In the cutthroat world of Kenyan politics, where every vote counts and personal data has become the ultimate currency, a confidential intelligence dossier has dropped a bombshell: Ronald Karauri, the high-flying CEO of betting giant SportPesa and current Member of Parliament for Kasarani, allegedly paid more than KSh 25 million in 2019 for a stolen cache of Safaricom subscriber data and then weaponized it with chilling precision to clinch his narrow 2022 parliamentary.
The claims, drawn from a dossier compiled from litigation sources and reviewed by this publication, paint a disturbing picture of how one of Kenya’s largest-ever data breaches, affecting an estimated 11.5 million subscribers, may have been quietly monetized not just for commercial gain, but to engineer democratic outcomes.
The Breach That Started It All
Between 2018 and 2019, rogue elements inside Safaricom, including senior managers later named in court filings, allegedly siphoned off highly sensitive personal profiles. The stolen data included full names, mobile numbers, dates of birth, gender, precise location histories, national ID and passport details, and, crucially, comprehensive betting and financial transaction histories for millions of Kenyans who had engaged with gambling platforms.57
Insiders moved the data through password-protected Google Drives and onto personal laptops, evading corporate controls. Benedict Kabugi Ndungu, a businessman with deep ties to the betting world, emerged as a central figure. Court records show he received samples of the data and positioned himself as both intermediary and later whistleblower. Safaricom has described him in pleadings as attempting to extort payment while also suing the telco for failing to protect subscriber privacy.1
Public court documents from the period confirm that a deal to sell the data to “a top sports betting firm” collapsed because continuous fresh data flows could not be guaranteed. But the dossier alleges a parallel, off-the-books transaction succeeded.
The Alleged Secret Purchase
According to the intelligence report, Ronald Karauri recognized the unparalleled value of this granular dataset, especially its concentration of Nairobi residents and betting profiles that revealed spending habits, risk appetites, and economic vulnerabilities. The claimed price: in excess of KSh 25 million, paid through channels designed to bypass financial tracking, with data allegedly transferred via decentralized Google Drive repositories and encrypted external drives into an independent analytical infrastructure controlled by his campaign team.56
Karauri has not been charged in connection with these allegations, and neither he nor SportPesa has publicly responded to the specific claims in the dossier. The narrow margin of his 2022 Kasarani win, 32,406 votes to the runner-up’s 30,444 in a constituency with just under 92,000 voters who turned out, has fueled speculation about what sophisticated tools might have tipped the scales.52
From Betting Profiles to Ballot Manipulation
The real power of the data, the dossier claims, lay in its weaponization during the 2021–2022 campaign cycle. Karauri’s team allegedly used historical location coordinates and demographic details to map the Kasarani electorate down to individual wards, sub-locations, and even residential blocks. Voters were micro-profiled by age, financial bracket, and behavioral patterns derived from their betting histories.
Predictive algorithms reportedly isolated “undecided” voters and flagged neighborhood-specific grievances. Cross-referencing betting spend with other financial signals helped the campaign craft hyper-targeted economic promises. Instead of generic SMS blasts or rally speeches, the operation allegedly deployed hundreds of thousands of personalized messages that addressed voters by their actual names and referenced their specific estates, creating an artificial sense of intimate connection that traditional campaigning could never match.
This was not crude spam. It was precision political engineering powered by stolen private lives.

The 2026 Court Reckoning
The allegations gain fresh urgency from a landmark May 2026 High Court ruling. In Constitutional Petition E095 of 2026 (Austin Taabu Musungu & 10 Others v Safaricom PLC), Justice Bahati Mwamuye held Safaricom liable for systemic failures that allowed the 2018–2019 breaches. The court found that subscriber data, including financial and betting records, had been unlawfully accessed and shared with third parties, including betting companies. Each of the 11 petitioners was awarded KSh 900,000 in damages, with the total payout reaching KSh 9.9 million plus costs and interest.22
The judgment confirmed what many Kenyans had long suspected: their most intimate digital footprints were treated as commodities by those entrusted to protect them.
A Threat to Democracy Itself
If the dossier’s claims hold even partial truth, this is bigger than one politician or one election. It is about whether Kenya’s democracy can survive the commodification of its citizens’ private data. Personal information harvested without consent was allegedly used to micro-target voters, predict their behavior, and craft messages designed to exploit their economic vulnerabilities, all while the individuals whose lives were dissected had no idea their data had been stolen, sold, and deployed against (or for) them.
The Data Protection Act and constitutional guarantees of privacy exist on paper. In practice, as the 2026 ruling shows, enforcement has been reactive and limited. The Karauri allegations, if substantiated, would represent a new and more dangerous frontier: the direct conversion of breached corporate data into political power.
The Questions That Demand Answers
DCI, the Office of the Director of Public Prosecutions, the Data Protection Commissioner, and IEBC must now confront uncomfortable questions:
- Was a parallel transaction concluded after the publicly acknowledged deal collapsed?
- Did any campaign in 2022, or since, benefit from stolen Safaricom data?
- What safeguards exist to prevent betting industry data troves from becoming political arsenals?
Ronald Karauri built a fortune in the high-stakes world of sports betting. He then entered elective politics and won. The dossier claims the two worlds collided in the most intimate way possible, through the private records of millions of ordinary Kenyans.
Whether those claims are fully proven in court remains to be seen. What is already proven, by the High Court itself, is that Safaricom failed its customers catastrophically, and that the data of 11.5 million Kenyans was loose in the wild, available to the highest bidder.
In a country where trust in institutions is already fragile, the idea that your phone number, your location history, and your gambling spend could decide who represents you in Parliament is not just a scandal. It is a warning.
Kenya’s digital sovereignty and its democratic integrity are now on the same endangered list. The reckoning has only just begun.
There's no story that cannot be told. We cover the stories that others don't want to be told, we bring you all the news you need. If you have tips, exposes or any story you need to be told bluntly and all queries write to us [email protected] also find us on Telegram
