Kenya, 31 October 2025 - The Kenya Revenue Authority (KRA) has confirmed that its official customer care account on X (formerly Twitter), @KRACare, has been hacked and renamed “StandsX”, prompting an urgent public warning.
The account, which has been operational since 2014 and boasts more than 300,000 followers, was primarily used to assist taxpayers, respond to service inquiries, and share official updates. The sudden change of its handle and suspicious activity signaled an apparent breach, sparking immediate concern within the tax agency.
In a statement issued on Friday through its verified corporate X page, KRA urged Kenyans to avoid engaging with the compromised account, cautioning that the hackers might exploit it for scams or to spread misinformation.
%2520account%2520has%2520been%2520hacked.png&w=3840&q=75)
“Members of the public are strongly advised not to engage, share personal information, or send money in response to any communication from this account, as it is fraudulent,” the statement read.
The authority revealed that it had initiated urgent recovery efforts in collaboration with X’s global support team to regain control of the handle and reinforce its digital security systems.
Until the breach is resolved, KRA advised the public to use only its verified communication platforms for official assistance, including its Facebook page at facebook.com/KRACare and WhatsApp customer care line at 0711 099 999.
KRA further assured taxpayers that its operations remain unaffected, emphasizing that the breach is limited to the social media account and does not compromise internal systems or taxpayer data.
“We are working closely with X to recover the account and strengthen our online security. We urge Kenyans to remain vigilant and to verify any information from KRA before taking action,” the authority added.
The incident highlights growing cybersecurity risks targeting high-profile government and corporate accounts in Kenya, underscoring the need for tighter digital safeguards in public institutions.
