The Federal Government has claimed that an unnamed “third-party” allegedly granted unauthorized access into the database of over 104 million enrolled citizens under the custody of the National Identity Management Commission, NIMC.
The Foundation for Investigative Journalism had published a report that detailed how XpressVerify, a private website, has unrestricted access to the National Identification Numbers and personal details of every registered Nigerians.
The report also disclosed that the website has monetized the recovery of NINs and personal information on the Nigerian Identification database managed by NIMC.
In what may underscore the scale of the data privacy breaches of private information of Nigerians and residents enrolled on the ID database of the country, the Federal ID agency had reported on its website that enrollment figures peaked at 104.16 million unique records, with Lagos recording the highest cumulative figure of over 11.4 million by December 31, 2023.
Meanwhile, the Nigeria Data Protection Commission, NDPC, which had launched an investigation into the exposed data breaches in the preliminary report released on Thursday claimed that an unnamed third-party was allegedly at the center of the data privacy breaches.
NDPC stated in the report that “following the reported incident of unauthorized NIN verification by expressverify.com, investigation reveals that a third-party, who among others was originally authorized to provide verification services to citizens and genuine businesses might have allowed expressverify.com to use its NIN verification credentials to conduct verification.
READ ALSO: NIMC launches mobile app allowing Nigerians to update their NIN data
“The circumstances surrounding this permission is still under investigation,” the NDPC said.
The report also noted that to remedy this incident, “NIMC in line with established protocols, barred all forms of access to its database. Though necessary, barring all forms of access affected genuine and crucial verification requests. After a painstaking review, limited access has been granted to a few establishments that are providing public services such as education and security,” it said.
The Nigerian data protection agency further stated that investigations are still underway by relevant agencies to establish the medium through which expressverify.com obtained credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.
The agency said it will conduct a series of intensive training for personnel and licenses of NIMC to ensure that they are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy and other relevant regulatory protocols.
NDPC called on the public to see the NIN as what it described as an essential data for sustainable development.
“It is important for citizens to ensure that they are not left unidentified in various frameworks for development. It is equally important to be vigilant when sharing information on various online platforms,” it added.
Credible News.ng
