Senegal data breach disrupts national ID issuance

The issuance of national ID cards in Senegal recently got halted on a temporary basis after the government reported a data breach that affected the population database.

A statement from the Directorate of File Automation (DAF) under the Ministry of Interior and Public Security announced that measures had been taken by the competent technical services to “restore operations as soon as possible.”

At the time of this report, the ID issuance process was yet to resume.

DAF is the government body in Senegal that oversee the management of the country’s biometric population register and issues identity documents including national ID cards, passports and residency documents for aliens. It also manages some of the country’s most important administrative documentation.

“The Director reassures the public and users regarding the integrity of their personal data, which remain fully intact. In addition, an investigation has been opened,” the statement assured.

While the government claims no data was touched, the group responsible for the attack styled ‘Green Blood Group’ claims, as reported by The Gambia Journal, that it had gotten hold of around 139 terabyte volume of data which includes biometrics, identity records, and immigration files.

SeneWeb also reported that Senegal Numérique SA, the government institution leading the country’s digital transformation, also suffered data compromises around the same time as DAF, which points to the fact that both attacks may have been coordinated.

Iris Corporation is the firm producing Senegal’s National ID card, and reports indicate it dispatched teams to look into the breach as soon as it was announced. The government is however also reportedly investigating whether the supplier could be liable in any way whatsoever.

The Malaysian company has been producing Senegal’s national ID card for about 10 years after it initially won a contract in 2016, estimated then at 50 billion West African Francs, roughly US$90 million. The ID contract was renewed in 2021 at the cost of $19.5 million to supply three million national ID cards, with the deal scheduled then to run till 2023.

Last year, Senegal launched a campaign which targeted three million ECOWAS regional ID holders for voter registration.

The latest cyber-attack on DAF’s infrastructure comes just months after hackers targeted the system that manages the country’s taxation.

Cybersecurity is a key aspect of Senegal’s digital transformation blueprint dubbed New Deal Technologique whose implementation is ongoing, and had a $10 million grant last year form the Gates Foundation.

Article Topics

Africa  |  biometrics  |  cybersecurity  |  data protection  |  national ID  |  Senegal  |  Senegal Numérique