FG commences NIN data leak probe
The Federal Government has launched an investigation into the alleged unauthorised sale of National Identification Number (NIN), following revelations that the personal data of Nigerians were available for purchase online at a fee.
The revelation has sparked widespread concern regarding the protection of individual privacy rights and potential economic repercussions.
The Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani, while addressing the issue confirmed he had begun discussions with the Minister of Interior, Olubunmi Tunji-Ojo, on the matter.
The Ministry of Interior currently oversees the National Identity Management Commission, the body responsible for managing Nigeria’s identity database.
“While I have engaged with my counterpart at the Ministry of Interior regarding this matter, I am confident in their commitment to safeguarding our national identity data,” Dr. Tijani affirmed in a statement released on Wednesday.
He expressed confidence in the ongoing efforts of both the Ministry of Interior and NIMC to address the issue promptly.
Last week, Paradigm Initiative raised the alarm after uncovering instances where NINs, Bank Verification Numbers (BVNs), and other sensitive personal information were purportedly available for sale online, citing direct extraction from government databases.
The Executive Director of the organisation, Gbenga Sesan, said that the data being sold on the websites were sourced directly from the government’s databases.
“The problem is not Nigerians because we were able to confirm that what they were selling is NIMC’s data and we have proof. We got the NIN slip of the Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani. We got the NIN slip of the number one data regulator in Nigeria, Dr. Vincent Olatunji. We bought them for N100 each to demonstrate that this is not a joke,” he said.
Although declining to confirm specific claims made by Paradigm Initiative, regarding the illicit sale of Nigerians’ personal data, Tijani confirmed that the Nigeria Data Protection Commission had commenced an inquiry into the alleged breach.
“The NDPC, a year old agency under my supervision as minister, has over the last few months created data compliance mechanisms for all MDAs and has since started a thorough investigation as to the circumstances surrounding this alleged breach, “ the minister said.
Highlighting the importance of a robust Digital Public Infrastructure (DPI) and streamlined data exchange protocols across government agencies, Tijani underscored his administration’s dedication to enhancing Nigeria’s cybersecurity resilience.
“Having established that, I do believe that it is important to share the proactive steps I have taken upon appointment to help strengthen technology application in government, despite the historically siloed approach to procurement and development,” the minister said.
He emphasised that shortly after assuming office, he published a comprehensive strategy outlining his vision for integrating advanced technology into public sector operations to drive economic growth.
Meanwhile, NIMC had issued a statement on Saturday refuting allegations of any security breaches within its database, asserting its implementation of stringent cybersecurity measures to safeguard the integrity of Nigeria’s national identity database.
The commission had also warned Nigerians to desist from sharing their data with fraudulent websites. The claims by NIMC that data were sourced from other sites other than its platform contradict the findings of Paradigm Initiative.
In March there were media reports that a website known as expressverify was monetising the recovery of NINs and personal information from the Nigerian identification database.
The website reportedly had unrestricted access to NINs and personal details of Nigerians registered in the nation’s identity database managed by NIMC.
This incident prompted the NDPC to heighten scrutiny of NIMC licensees after the website breached data protection protocols.
Experts, who spoke to The PUNCH earlier said though there were no cases of data breaches in the NIN database, illegal entries from third-party sources to endpoints have proliferated the system.
The PUNCH gathered that there might be regulated actors reselling or providing access to NIN data through APIs (application user interfaces) via a reselling service, which is not being properly monitored.