Nigeria’s NIMC fights off data breach accusations, flags 5 data harvesting websites

The National Identity Management Commission of Nigeria (NIMC) is struggling to stand up to recurrent threats and accusations of data breaches and theft in relation to the country’s biometric national digital ID database.

This week, it issued a statement in response to an alarm raised by Paradigm Initiative, a digital rights advocacy organization, that the ID authority may have been lax in handling some recent incidents involving data vulnerability.

Speaking for the NIMC, the body’s Head of Corporate Communications, Kayode Adegoke, said the national identity registry is not in harm’s way as alleged, and warned citizens to beware of sharing their personal data with any websites not authorized by the NIMC.

Adegoke listed five such websites, which he says, have no legal mandate to collect any personal data for the issuance of the National Identification Number (NIN).

“The following websites: idfinder.com.ng; Verify.Ng/sign in, championtech.com.ng, trustyonline.com, and anyverify.com are data harvesters not authorised by NIMC to access or manage sensitive data,” the official said, and called on Nigerians to “disregard any claims or services these websites offer and should not give their data as they are potentially fraudulent and data provided by the public on such websites are gathered and stored to build the data services they illegally provide.”

He followed up: “NIMC advises Nigerians to avoid giving their data to unauthorized and phishing sites. This poses the danger of data harvesting and comprises individual data. The Commission reaffirms its commitment to upholding ethical standards in data protection in line with federal government directives and data privacy regulations.”

“The public should know that the Commission has taken robust measures to safeguard the nation’s database from cyber threats- a secure, world-class, fool-proof database is in place. The commission’s infrastructure meets the stringent ISO 27001:2013 Information Security Management System Standard, with annual recertification and strict compliance with the Nigerian Data Protection Law,” he added.

The NIMC says it is not relenting on its efforts of ensuring that those online data criminals are apprehended. “They will be made to face the full wrath of the law. NIMC urges the public to remain vigilant against false information and rely on verified sources for accurate updates. The Commission remains committed to providing secure and reliable identity management and upholding the highest level of security for systems and databases, which are critical national assets.”

The World Bank made enacting the Data Protection Law a condition of its $430 million grant to NIMC to support NIN issuance, and has disbursed $45.5 million of the total so far, Nairametrics reports. The project has a goal of registering 148 million Nigerians for their digital ID by the end of this month, which the Bank said in its 2023 annual report NIMC was on track for. Registrations were just over 107 million as of April.

Stricter data protection measures needed

In the face of these threats to data protection, Paradigm Initiative’s Executive Director, Gbenga Sesan, has called on the government to implement stricter data protection measures in order to avoid future breaches.

Speaking at a recent press conference in Lagos reported by TVC News, Sesan, shared a scenario: “We’ve lost INEC data, we’ve lost telco data. I didn’t say this earlier; somebody brought a laptop to our office which a telco used to register biometric information and sold. They didn’t delete the data, and a whole community’s biometric information was on that laptop.”

“This is one of the areas affected by terrorism by the way. Imagine that we were bad actors. What do you think we could have done? We could easily plant that information in places that are compromised. If we don’t like your face, we’ll just make sure that somehow, your information is traceable to a place where a bomb went off. We don’t know for a fact if there is nobody in jail in Nigeria today because somebody misused their data.”

During the presser, Sesan revealed that they had uncovered a website that was selling personal data of Nigerians obtained from government sources for a lowly amount as 100 Naira (US$0.065). Paradigm says such situations must never occur and it is pushing for justice to be served citizens affected by these breaches.

Meanwhile, the NIMC has said that the issuance of the recently announced multipurpose national ID card will begin next month, upon request. Interested persons can make a request for it from their banks.

Article Topics

biometrics  |  data protection  |  digital ID  |  fraud prevention  |  National Identity Management Commission (NIMC)  |  National Identity Number (NIN)  |  Nigeria  |  Paradigm Initiative