Safaricom’s 11.5 Million Punters File: How Odibets And Other Betting Companies Bought A Map To Kenya’s Weakest Men

For many years, Kenyans were made to believe that betting companies became big because they understood football, marketing, youth culture and the desperation of an economy where a young man would rather risk KSh 50 on a weekend match than wait for a government that has no plan for him. We were told these companies were clever, that they understood the streets, that they understood banter, that they understood the psychology of a broke country where everybody is chasing one miracle to escape rent, school fees, debt, hunger and humiliation.

But after going through the documents now placed before investigative agencies, one begins to see a much darker story. The rise of some betting companies was not just about marketing genius, football jokes and colourful promotions. It was about data, access, insider dealings and Safaricom customer information allegedly walking out of the biggest telco in the country before landing in the hands of people who knew exactly what such information could do in a gambling economy.

This story begins inside Safaricom, not inside Odibets, not inside Kwikbets and not inside any betting shop where desperate men stare at odds like religious texts. That is important because before a betting company can target a gambler, someone must first know who the gambler is. Before a company can bombard a punter with odds, bonuses, inducements and messages, someone must first separate ordinary subscribers from people who bet regularly. Before anyone can know who stakes money, how often they stake, where they live, how they transact and which betting platforms they prefer, someone must first access the kind of information only a giant telco like Safaricom would have.

According to the complaint filed by Benedict Kabugi Ndungu and addressed to the Directorate of Criminal Investigations and the Gambling Regulatory Authority of Kenya, former Safaricom employees Simon Billy Kinuthia and Brian Wamatu Njoroge allegedly accessed, copied and sold personal data belonging to millions of Safaricom customers between June 2018 and May 2019. The complaint states that the data included full names, national identity card numbers, M-Pesa transaction histories, geolocation data, device identifiers, betting patterns, gambling frequency, amounts wagered and preferred betting platforms.

That is not a normal database and anyone pretending that this was just another ordinary customer list is insulting Kenyans. This was a complete map of how people lived, moved, spent, borrowed, lost and gambled. In the hands of an ordinary company, such information is sensitive. In the hands of a betting company, such information becomes a weapon because gambling is not sold to the rich man relaxing in his compound after dinner. It is mostly sold to the financially wounded man who is looking for rescue, and the more a company knows about his habits, the easier it becomes to keep him returning to the table.

Anyone who understands gambling will understand why such data is more valuable than billboards, radio adverts, influencer campaigns and the noisy promotions betting companies keep throwing around. A betting company does not need the whole country. It needs the right people. It needs the man who loses today and still comes back tomorrow, the customer who deposits small amounts many times, the student who thinks football knowledge can pay rent, the boda rider who believes one jackpot can remove him from daily struggle, the watchman who bets after salary, the jobless graduate who has lost faith in employment and the young father trying to convert pressure into luck.

With such data, a betting company is no longer advertising blindly. It is hunting with night vision.

That is why this scandal cannot be reduced to a small data protection story or some boring fight between lawyers, regulators and former telco employees. This is not about a random spreadsheet leaking somewhere. This is about millions of Kenyans allegedly being profiled, studied and converted into betting targets. When a gambling company knows a person’s identity, M-Pesa behaviour, betting frequency, location, amounts staked and preferred platforms, the company does not need to guess the weakness of that person. It already has the wound and only needs to press it repeatedly.

The complaint claims that up to 29.9 million Safaricom customer records were accessed, while a specific profile of about 11.5 million punters was allegedly available. That figure alone should shake the country because eleven and a half million people were allegedly not just subscribers, but gamblers whose behaviour could be isolated, packaged, valued and sold. In any serious country, such a trail would not be treated as a minor corporate embarrassment but as a national digital robbery whose victims may not even know that they were robbed.

The documents further state that the stolen data was allegedly marketed, sampled, negotiated over and distributed to third parties, including gambling companies. The complaint places Odibets, Kwikbets and other betting companies at the centre of the trail that is now before investigators over the alleged receipt, use or commercial benefit from unlawfully obtained Safaricom subscriber data. It also refers to forensic WhatsApp material said to contain discussions around samples, payments, buyers, contacts and movement of customer records.

This is where the matter stops being a Safaricom employee scandal and becomes a betting industry scandal. Data is not stolen for decoration. It is stolen because someone wants it, someone pays for it, someone receives it, someone uses it and someone profits from it. The corporate side of the transaction is therefore the real story because focusing only on the employees accused of touching the data while ignoring the commercial beneficiaries would be the usual Kenyan trick of arresting the messenger while the powerful people continue eating in peace.

The next stage of the scandal is about the records. The customer acquisition machinery of Odibets, Kwikbets and other betting companies now sits at the centre of the story because the trail points to a market where Safaricom subscriber information allegedly became betting intelligence. The phone records, bank movements, M-Pesa trails, marketing contracts, agency agreements, internal communications and customer database histories from that period are the documents that can show how the data moved, who handled it, which intermediaries were involved, which companies benefited and how private telco records allegedly crossed into the gambling world.

And this is where Odibets enters the movie properly.

Odibets did not become a household name by accident. It grew in the middle of Kenya’s betting madness, when young people were being swallowed by football odds, jackpots, virtual games and the false promise that one lucky slip could repair a lifetime of economic failure. The brand became visible everywhere, from streets to phones to football conversations. The public saw the colours, slogans, promotions and cheerful campaigns. What the public did not see was the machinery behind customer acquisition, the data sources, the internal networks, the middlemen and the shortcuts used to identify and reach punters.

The complaint now places Odibets, trading under Kareco Holdings Limited, among the companies whose records are part of the wider trail. It also raises questions around Kwikbets and other gambling companies, while pointing to phone records, bank records, M-Pesa records, company records, intermediaries and associated accounts covering the period in question. The gambling regulator is also drawn into the matter because licensing a betting company is not only about allowing it to take bets. It is also about ensuring that the company did not build its market through unlawfully obtained customer information.

This is not a public relations matter and no amount of polished statements can erase the data trail. It is a money trail, a customer acquisition trail and a regulatory failure that now exposes how weak Kenya has been in supervising companies that make billions from human desperation. Betting companies operate in one of the most sensitive sectors in the country because they sell hope to people who are already financially wounded, and when such companies are linked to unlawfully obtained telco data, the issue moves beyond business competition and becomes a question of exploitation.

Kenya must stop pretending that betting companies are ordinary entertainment businesses. These are companies whose profits depend on repeated human behaviour, emotional weakness, economic frustration and the belief that one correct prediction can defeat years of poverty. That is why access to private customer data becomes so dangerous. A normal advertiser can only shout into the crowd and hope the right people hear. A gambling company armed with behavioural data can identify the people already trapped in the habit and follow them with precision.

This is the same country where a poor man who steals a chicken can be beaten before police arrive, yet companies can allegedly sit on stolen customer data and continue operating as if nothing happened. It is the same country where regulators enjoy launching guidelines but disappear when real files land on their desks. It is the same country where corporate Kenya has perfected the art of looking clean in public while rotten deals are cooked through WhatsApp groups, hotel meetings, private offices and networks of middlemen who know how to move between insiders and buyers.

The Safaricom data heist may become one of the most important scandals in Kenya because it shows the new face of corruption. In the past, people stole land, tenders, maize, cemetery money and road funds. Now the clever ones are stealing behaviour. They want to know who a person is, where he lives, what he spends, what he fears, what he desires and when he is most likely to make a bad decision. That is more dangerous than stealing a file from a ministry because behavioural data does not just describe a citizen. It predicts him.

For a betting company, that kind of information is not merely useful. It is deadly.

The victim is not just Safaricom. The victim is the Kenyan whose private life was allegedly converted into betting fuel without his knowledge. The victim is the man who thought he was simply receiving another betting message, yet behind that message may have been a stolen profile of his habits, losses, location, phone identity and financial behaviour. The victim is the citizen who trusted Safaricom with his details because modern life in Kenya almost forces everyone to trust Safaricom with everything.

The Odibets trail now becomes central because the company represents the wider question of how betting empires were built during Kenya’s gambling gold rush. Was the growth of these companies powered only by marketing, sports sponsorships, branding and aggressive promotions, or did stolen Safaricom subscriber intelligence provide the shortcut that allowed selected operators to locate gamblers faster, target them better and extract more value from their desperation?

That is the question this series will follow from the first data sample to the final customer campaign.

We will go through the documents slowly, examine the Safaricom insider trail, follow the forensic WhatsApp material, look at how the customer records allegedly moved, study the role of Odibets, Kwikbets and other betting companies, and expose how the private information of millions of Kenyans allegedly became part of the betting industry’s growth machine.

Because this story is not just about data.

It is about how Kenya’s gambling gold rush was powered by stolen knowledge of the poor man’s desperation.