Ujasusi Blog’s East Africa Monitoring Team | 06 February 2026 | 0155 GMT

A threat actor operating under the alias “Spirigatito” has claimed responsibility for the exfiltration of approximately 10.2 million records from Tanzania’s Business Registrations and Licensing Agency (BRELA), the government body that holds the country’s entire corporate registry — every registered company, business name, trademark, patent, and industrial licence. The claim, flagged on 4 February 2026 by cyber threat intelligence platform VECERT Analyser, represents what would be the most significant known cyber intrusion against a Tanzanian state institution and among the largest alleged compromises of a national business registry anywhere on the African continent.

⚠️ What Happened in the BRELA Data Breach?