National Identity Management Commission (NIMC) has vehemently denied allegations of a data breach compromising the personal information of millions of citizens in Nigeria. The commission assures the public that their data remains secure and has not been compromised in any way.
In a public statement, NIMC specifically denied authorizing any website or entity to sell or misuse National Identification Numbers (NINs) or any other identity information. The commission further identified several websites suspected of being involved in unauthorized data harvesting. These websites include idfinder.com.ng, Verify.Ng/sign in, championtech.com.ng, trustyonline.com, and anyverify.com.
NIMC strongly urged Nigerians to avoid these websites and refrain from sharing any personal information on them. The commission warned that these platforms are likely fraudulent and may be collecting data for illegal purposes, such as identity theft or financial scams.
The statement emphasized NIMC’s commitment to robust data security measures. The commission’s infrastructure adheres to the stringent ISO 27001:2013 Information Security Management System Standard and undergoes annual recertification to ensure continued compliance. Additionally, NIMC highlighted its strict adherence to the Nigerian Data Protection Law.
The commission advised Nigerians to exercise caution when sharing data with unauthorized websites or those suspected of phishing. Phishing websites are designed to mimic legitimate platforms to trick users into revealing personal information. NIMC reiterated its dedication to upholding ethical data protection standards aligned with government directives and privacy regulations. Licensed partners and vendors are only authorized to verify NINs through approved channels and are not permitted to scan or store NIN slips.
NIMC confirmed collaboration with security agencies to identify and apprehend the individuals operating the fraudulent online platforms. These individuals, according to the commission, will face legal consequences for their actions.
The NIMC statement comes after reports surfaced earlier this week alleging a major data breach exposing millions of personal and financial records of Nigerian citizens. This data was reportedly sold online for as little as 100 Naira (approximately $0.06 USD). Paradigm Initiative, a digital rights organization, uncovered the alleged breach and alerted authorities. The organization expressed concerns about potential privacy violations, economic impact, and national security risks.
The unauthorized websites involved in the data sale reportedly offered a variety of sensitive information, including NINs, Bank Verification Numbers (BVNs), driver’s licenses, passports, company details, tax identification numbers, voter cards, and phone numbers. The availability of this data online could be exploited for various criminal activities, including identity theft, financial fraud, and more. Financial data breaches could destabilize Nigeria’s banking system and erode public trust in financial institutions. Compromised driver’s license information and other personal data could pose national security threats.
Paradigm Initiative, through legal representatives, has issued pre-action notices to several government agencies, including NIMC and the Nigeria Data Protection Commission (NDPC). The organization seeks legal redress on behalf of Nigerian citizens and calls for a thorough investigation alongside the implementation of stronger data protection measures.
Paradigm Initiative has urged collaboration among all stakeholders, including government, financial institutions, the private sector, media outlets, and civil society organizations, to address this data privacy crisis effectively. The organization emphasized the importance of protecting Nigerians’ personal information from breaches and restoring public trust in the nation’s data infrastructure.
Investigations conducted by Launch Base Africa revealed that some of the websites implicated in the data breach in Nigeria, such as AnyVerify.com.ng, became inaccessible following the widespread reports. This sudden disappearance adds another layer of complexity to the ongoing investigation.