A High Court has ruled. A formal criminal investigation request has been filed. The Odibets precedent shows what arrest looks like. Now the question is whether George Mburu and Chris Mwirigi, named in DCI forensic WhatsApp evidence, will be next to be dragged into a police cell.
The May 13, 2026 High Court judgement in Constitutional Petition E095 of 2026 did not merely settle a civil dispute between a wronged citizen and Safaricom. It detonated a legal and regulatory bomb directly beneath Kenya’s dominant betting empire, Shop and Deliver Limited, trading as Betika, whose co-founders George Mburu and Chris Mwirigi are named by name in the Directorate of Criminal Investigations forensic analysis of WhatsApp communications that is now embedded in the High Court record as established judicial fact.
The judgment is the beginning. What has followed is a formal, documented criminal complaint filed on May 19, 2026 by Benedict Kabugi Ndungu, the man who first reported the Safaricom data breach to police in 2019, addressed simultaneously to Mohamed I. Amin, the Director of Criminal Investigations at Mazingira Complex, Kiambu Road, and to Peter Maina Karimi, the Director General of the Gambling Regulatory Authority of Kenya at ACK Garden Annex, Bishop Road. That complaint demands criminal investigations against Shop and Deliver Limited trading as Betika, licence numbers BK-0001117 and PG-0001113, and demands the immediate suspension or cancellation of those licences. It is not speculation. It is a formal instrument of accountability, filed at the addresses of the men with the institutional power to act.
To understand where Betika now stands, one needs only to look at what has already happened to Odibets.
Andrew Aligula, co-owner of Odibets and the man identified in DCI forensic WhatsApp evidence as ‘Andrew’ in transactions for stolen Safaricom data, has been arrested and dragged into the cells at Gigiri Police Station. The Odibets app crashed for over five hours on the day of his arrest. That is the template. That is what the application of this law looks like. Betika’s founders should study it carefully.
THE HIGH COURT HAS SPOKEN: WHAT PARAGRAPH 67 ACTUALLY SAYS
The High Court judgment in Constitutional Petition E095 of 2026, delivered on May 13, 2026, is not ambiguous. Paragraph 67 of that judgment states, in terms that are now part of the public legal record, that the forensic analysis of WhatsApp communications exchanged between Safaricom’s former employees materially reinforces the inference of a sustained and systemic compromise of subscriber data. The court found that the contents of those communications reveal that the impugned subscriber and betting-related data was not confined to isolated or internal access, but was repeatedly disseminated and transmitted to multiple third parties for commercial purposes over an extended period spanning June 2018 to May 2019.
The judgment goes further. In language that eliminates any ambiguity about who received the stolen data, the High Court found that the communications expressly reference various recipients of the data, including persons or entities identified as ‘Andrew’, ‘Odibet’, ‘the Mburus’, ‘Betika’, ‘Charles’, and ‘the Mule’, among others. That finding is now a judicial pronouncement. It was not made by a journalist, a regulator, or an activist. It was made by a High Court judge, in a formal judgment, on the basis of forensic evidence that Safaricom’s own lawyers introduced into the record as Annexure ATM-3. The evidence that destroys Betika was put before the court by Safaricom itself.
The scale of what the court has validated is staggering. The DCI forensic report establishes that between June 2018 and May 2019, former Safaricom employees Simon Billy Kinuthia and Brian Wamatu Njoroge extracted and sold the personal data of 29.9 million Safaricom subscribers, with particular focus on the betting profiles of 11.5 million identified punters. The stolen records contained not generic contact information but the forensic architecture of financial vulnerability: full names, National Identity Card numbers, M-Pesa transaction histories, geolocation data at real-time and historical resolution, device identifiers including IMEI numbers, and detailed betting patterns documenting frequency, amounts wagered, and preferred platforms. It was, in the language of one data security expert who reviewed the records, a perfectly assembled targeting database for predatory marketing.
Betika was not a casual or accidental recipient of stolen data. The forensic record and now the High Court judgment place the company’s name, and the names of its founders Mburu and Mwirigi, directly inside the criminal architecture of the theft. This is not allegation. This is court-validated forensic fact.
THE ODIBETS BLUEPRINT: WHAT ARREST AND LICENCE SUSPENSION LOOK LIKE
When observers want to understand the personal consequences that now threaten Betika’s directors, they need only examine what has unfolded with Odibets and its co-owner Andrew Akwesera Aligula, whose name appears in the DCI forensic evidence as ‘Andrew’ in the data transaction records.
Aligula, a figure who had for years maintained such deliberate invisibility that even many industry insiders were unaware of his controlling role behind the green-and-yellow Odibets brand, has been arrested and held at Gigiri Police Station in Nairobi. The arrest followed directly from the application of the same forensic record that implicates Betika, the same High Court judgment that named him by first name in its findings, and the same post-judgment pressure that is now being channelled through formal criminal complaints filed with the DCI and GRAK. The day of his arrest, the Odibets application went down for over five hours, the operational manifestation of what it means when the architect of a betting empire is in a police cell.
The arrest of Aligula is not a peripheral event in Betika’s story. It is the directly applicable precedent. The DCI forensic record names both ‘Andrew’ of Odibets and ‘Mburu’ and ‘Betika’ in the same WhatsApp conversation chain. The forensic report describes Betika as the most frequent buyer in the stolen data scheme, returning to purchase multiple separate tranches across the eleven-month criminal conspiracy. If the evidentiary threshold for Aligula’s arrest has been met by his appearance in those records, the question that Betika’s directors must now answer is what distinguishes their exposure from his.
Beyond Aligula’s arrest, the Gambling Regulatory Authority of Kenya has moved against Odibets with licence action. The company whose director was found in the same forensic chain as Betika’s founders has had its operational continuity threatened by the regulator in a direct demonstration that GRAK is prepared to deploy the licence suspension and revocation powers that the Gambling Control Act, No. 14 of 2025, has now formalised and strengthened. For Betika, the Odibets precedent is not a cautionary tale from a distance. It is the operating manual for what comes next.
The May 13, 2026 High Court judgment in Constitutional Petition E095 of 2026 did not merely settle a civil dispute between a wronged citizen and Safaricom. It detonated a legal and regulatory bomb directly beneath Kenya’s dominant betting empire, Shop and Deliver Limited, trading as Betika, whose co-founders George Mburu and Chris Mwirigi are named by name in the Directorate of Criminal Investigations forensic analysis of WhatsApp communications that is now embedded in the High Court record as established judicial fact.
The judgment is the beginning. What has followed is a formal, documented criminal complaint filed on May 19, 2026 by Benedict Kabugi Ndungu, the man who first reported the Safaricom data breach to police in 2019, addressed simultaneously to Mohamed I. Amin, the Director of Criminal Investigations at Mazingira Complex, Kiambu Road, and to Peter Maina Karimi, the Director General of the Gambling Regulatory Authority of Kenya at ACK Garden Annex, Bishop Road. That complaint demands criminal investigations against Shop and Deliver Limited trading as Betika, licence numbers BK-0001117 and PG-0001113, and demands the immediate suspension or cancellation of those licences. It is not speculation. It is a formal instrument of accountability, filed at the addresses of the men with the institutional power to act.
To understand where Betika now stands, one needs only to look at what has already happened to Odibets.
Andrew Aligula, co-owner of Odibets and the man identified in DCI forensic WhatsApp evidence as ‘Andrew’ in transactions for stolen Safaricom data, has been arrested and dragged into the cells at Gigiri Police Station. The Odibets app crashed for over five hours on the day of his arrest. That is the template. That is what the application of this law looks like. Betika’s founders should study it carefully.
THE HIGH COURT HAS SPOKEN: WHAT PARAGRAPH 67 ACTUALLY SAYS
The High Court judgment in Constitutional Petition E095 of 2026, delivered on May 13, 2026, is not ambiguous. Paragraph 67 of that judgment states, in terms that are now part of the public legal record, that the forensic analysis of WhatsApp communications exchanged between Safaricom’s former employees materially reinforces the inference of a sustained and systemic compromise of subscriber data. The court found that the contents of those communications reveal that the impugned subscriber and betting-related data was not confined to isolated or internal access, but was repeatedly disseminated and transmitted to multiple third parties for commercial purposes over an extended period spanning June 2018 to May 2019.
The judgment goes further. In language that eliminates any ambiguity about who received the stolen data, the High Court found that the communications expressly reference various recipients of the data, including persons or entities identified as ‘Andrew’, ‘Odibet’, ‘the Mburus’, ‘Betika’, ‘Charles’, and ‘the Mule’, among others. That finding is now a judicial pronouncement. It was not made by a journalist, a regulator, or an activist. It was made by a High Court judge, in a formal judgment, on the basis of forensic evidence that Safaricom’s own lawyers introduced into the record as Annexure ATM-3. The evidence that destroys Betika was put before the court by Safaricom itself.
The scale of what the court has validated is staggering. The DCI forensic report establishes that between June 2018 and May 2019, former Safaricom employees Simon Billy Kinuthia and Brian Wamatu Njoroge extracted and sold the personal data of 29.9 million Safaricom subscribers, with particular focus on the betting profiles of 11.5 million identified punters. The stolen records contained not generic contact information but the forensic architecture of financial vulnerability: full names, National Identity Card numbers, M-Pesa transaction histories, geolocation data at real-time and historical resolution, device identifiers including IMEI numbers, and detailed betting patterns documenting frequency, amounts wagered, and preferred platforms. It was, in the language of one data security expert who reviewed the records, a perfectly assembled targeting database for predatory marketing.
Betika was not a casual or accidental recipient of stolen data. The forensic record and now the High Court judgment place the company’s name, and the names of its founders Mburu and Mwirigi, directly inside the criminal architecture of the theft. This is not allegation. This is court-validated forensic fact.
THE ODIBETS BLUEPRINT: WHAT ARREST AND LICENCE SUSPENSION LOOK LIKE
When observers want to understand the personal consequences that now threaten Betika’s directors, they need only examine what has unfolded with Odibets and its co-owner Andrew Akwesera Aligula, whose name appears in the DCI forensic evidence as ‘Andrew’ in the data transaction records.
Aligula, a figure who had for years maintained such deliberate invisibility that even many industry insiders were unaware of his controlling role behind the green-and-yellow Odibets brand, has been arrested and held at Gigiri Police Station in Nairobi. The arrest followed directly from the application of the same forensic record that implicates Betika, the same High Court judgment that named him by first name in its findings, and the same post-judgment pressure that is now being channelled through formal criminal complaints filed with the DCI and GRAK. The day of his arrest, the Odibets application went down for over five hours, the operational manifestation of what it means when the architect of a betting empire is in a police cell.
The arrest of Aligula is not a peripheral event in Betika’s story. It is the directly applicable precedent. The DCI forensic record names both ‘Andrew’ of Odibets and ‘Mburu’ and ‘Betika’ in the same WhatsApp conversation chain. The forensic report describes Betika as the most frequent buyer in the stolen data scheme, returning to purchase multiple separate tranches across the eleven-month criminal conspiracy. If the evidentiary threshold for Aligula’s arrest has been met by his appearance in those records, the question that Betika’s directors must now answer is what distinguishes their exposure from his.
Beyond Aligula’s arrest, the Gambling Regulatory Authority of Kenya has moved against Odibets with licence action. The company whose director was found in the same forensic chain as Betika’s founders has had its operational continuity threatened by the regulator in a direct demonstration that GRAK is prepared to deploy the licence suspension and revocation powers that the Gambling Control Act, No. 14 of 2025, has now formalised and strengthened. For Betika, the Odibets precedent is not a cautionary tale from a distance. It is the operating manual for what comes next.
THE CRIMINAL CHARGES: WHAT BETIKA’S DIRECTORS ARE NOW FACING
The formal complaint filed on May 19, 2026, by Benedict Kabugi Ndungu, drawing on the High Court judgment and the DCI forensic record, lays out with methodical precision the criminal liability that now hangs over Betika, its corporate entity, and its directors. The charges catalogued in that complaint are not speculative. They arise directly from the forensic record that is now part of the court file, validated by judicial findings in the May 13 judgment.
Handling stolen property under Section 322 of the Penal Code is the first and most direct charge. A person who receives or retains stolen property, knowing or having reason to know it to be stolen, commits a felony. The DCI forensic record establishes that Betika purchased stolen subscriber data on multiple occasions. The involvement of the company’s founders in those transactions, established through the WhatsApp evidence, creates the personal criminal liability that attaches to receipt and retention. Data constitutes property for the purposes of this provision. The betting companies knew or ought to have known the data was unlawfully obtained because, as the forensic record reveals, they were negotiating the purchase of subscriber records in WhatsApp conversations in which the criminal mechanics of the extraction were openly discussed.
