The Directorate of Criminal Investigations (DCI) has formally closed investigations into a case involving a Nairobi-based travel agency accused of hacking into a computer system and fraudulently booking air tickets worth more than KSh 22.4 million.
A Nairobi court allowed the closure of the file after investigators informed the magistrate that all inquiries into the alleged cybercrime had been completed.
Testifying before the court, investigating officer Joseph Karanja said the probe involved allegations of unauthorised access to a computer system, contrary to Section 14(1) of the Computer Misuse and Cybercrimes Act, among other related offences.
Complaint Filed Over Alleged System Breach
The court heard that on July 22, 2025, the director of Tuli Executive and Travel Ltd, a Kenyan-based global travel agency, reported to DCI Headquarters that the company had suffered a computer system breach affecting its ticket booking operations.
According to the complaint, unknown persons accessed the firm’s Global Distribution System (GDS) account — ID NBO41236H and booked multiple flights for different clients. The bookings allegedly amounted to KSh 22,415,575, which was later charged to the company.
The complainant provided investigators with documentation detailing the disputed flight tickets.
IATA and Airline Systems Involved
The court was told that the cyber incident triggered a demand for payment from the International Air Transport Association (IATA) through its Travel Agency Commissioner’s Office, which sought settlement for tickets allegedly issued through the company’s system.
The firm uses the Amadeus Global Distribution System (GDS) to book flights, while payments for tickets are processed through the IATA Billing and Settlement Plan (BSP).
Following court orders, both IATA and Emirates Farelogix supplied investigators with system log data showing computer interactions with the BSP system during the period of the breach.
IP Addresses Traced, Court Orders Issued
Investigators told the court that analysis of the logs identified suspected fraudulent IP addresses hosted within Kenya.
The DCI noted that the evidence sought was electronic in nature and therefore subject to certification requirements under Section 106B(4) of the Evidence Act.
Based on this, the court issued orders compelling Vijiji Connect Limited to provide specific information linked to the identified IP addresses. The order was served on October 21, 2025, and received by Vijiji Connect manager John Kimotho, who acknowledged receipt and undertook to forward it to the company’s CEO for compliance.
Similar court orders were also served on Wananchi Group Kenya as part of the investigation.
Case Closed After Investigations
After reviewing the investigation progress, the court granted permission for the DCI to close the case file, marking the end of the criminal inquiry into the alleged cyber intrusion and fraudulent ticket bookings.