Tech Minister engages Interior Minister after Nigeria data breach report reveals his ID information was traded for ₦100

Tech Minister engages Interior Minister after Nigeria data breach report reveals his ID information was traded for ₦100

Dr Bosun Tijani, Nigeria’s Tech Minister says that he has opened talks with Dr Olubunmi Tunji-Ojo, Minister of Interior that supervises the nation’s ID agency, after the report of a data breach in which the former’s identity information was allegedly purchased for ₦100.

Tijani, who did not disclose details of the talks between the two Ministers, dropped this hint when he broke his silence over the Paradigm Initiative investigation that uncovered incidents of alleged data breaches of the nation’s identity information by a website,  AnyVerify.com.ng that allegedly trades in the identity information of Nigerians.

Tijani, who said he took immediate action by first engaging with his colleague, the Minister of Interior, Tunji-Ojo, who oversees the NIMC, confirmed that, “I am aware that his ministry and the agency are on top of the matter.”

ministers-hold-talks-over-nigeria-data-breach
Dr. Bosun Tijani, Minister of Communications, Innovation and Digital Economy

Tijani, who said he took immediate action by first engaging with his colleague, the Minister of Interior, Tunji-Ojo, who oversees the NIMC, confirmed that, “I am aware that his ministry and the agency are on top of the matter.”

Nigeria data breach: Ministry, NIMC on top of the situation, Tijani says

Additionally, Tijani said that, “Nigeria Data Protection Commission (NDPC), a year old agency under my supervision as minister, has over the last few months created data compliance mechanisms for all MDAs and has since started a thorough investigation as to the circumstances surrounding this alleged breach.”

The Interior Ministry, led by Tunji-Ojo, supervises the National Identity Management Commission (NICM), the nation’s ID agency and regulator over identity matters in the country, headed by its CEO/DG, Engr Bisoye Coker Odusote.

In response to the purchase of Nigerians’ NIN slip for ₦100 as alleged by Executive Director of Paradigm Initiative, Gbenga Sesan, the Minister addressed the recent concern as he shared what he describes as “proactive steps” being taken to curtail the unauthorised access.

On his part, Bosun outlined steps being taken by his Ministry to address and mitigate issues surrounding data breaches in order to enhance the security of its systems.

According to the Minister, these steps include:

  1. 1. Presentation to kick off an alignment with all permanent secretaries highlighting the importance of a structured Digital Public Infrastructure (DPI) approach and the need for Data Exchange across MDAs to strengthen Nigeria’s cybersecurity oversight for critical DPI
    2. A 2-day workshop with Directors of ICT across all MDAs to enlighten and initiate a plan to strengthen DPI in Nigeria
    3. Launched the Devs in Government – a community of practice for all civil servants responsible for technology within the government which serves as a platform for enlightening and securing buy-in across the ICT cadre.
    4. Launched the Responsible Data Management Course for Civil Servants (a partnership between the NDPC & Datadotorg) to improve on data handling and protection across government institutions.
    5. Workshop with the Centre for Digital Public Infrastructure, to assess the status quo and agree on an implementation roadmap for DPI in Nigeria.
    6. Conducted deep dives and knowledge exchange workshops on DPI and data exchange with Finland & Estonia as part of the design process for our Data Exchange System.

Recently, as reported by Technology Times, Sesan revealed that his organisation was able to purchase Dr. Tijani’s NIN slip for a mere ₦100, highlighting potential vulnerabilities in the security of personal data. This revelation has sparked widespread concern among Nigerians, as it poses significant risks to both individuals and the national economy.

Paradigm Initiative said it uncovered a major data breach in which a website, AnyVerify.com.ng operating in the Nigerian digital space since November 2023 allegedly trades in sensitive personal and financial data of Nigerian citizens “for as little as ₦100,” according to the civil society organisation (CSO).

ministers-hold-talks-over-nigeria-data-breach
Engr Bisoye Coker Odusote, CEO/DG, National Identity Management Commission (NICM), says the ID agency did not authorise any to sell ID information of Nigerians. 

“This alarming development presents a major breach of the fundamental rights to privacy, a breach of data privacy rights and poses significant risks to individuals and the national economy,” Paradigm Initiative, said in a statement made available to Technology Times detailing the report of its investigations which found that “several unauthorised websites are claiming to hold and provide access to sensitive personal and financial data of Nigerian citizens for as little as ₦100.” 

According to Paradigm Initiative, “Due to the severe implication for millions of Nigerians, we have through our legal partners, Vindich Legal, served a pre-action notice to the following Government Agencies: National Identity Management Commission (NIMC), Nigeria Data Protection Commission (NDPC), Nigeria Immigration Service (NIS), Federal Inland Revenue Service (FIRS), Central Bank of Nigeria (CBN), Independent National Electoral Commission (INEC), Federal Road Safety Corps (FRSC) and the office of the Attorney General of the Federation (AGF).”

Describing the findings as “a shocking revelation” the CSO is calling on relevant stakeholders to address the data privacy crisis. “We call upon all stakeholders,” the CSO said, “including government agencies, financial institutions, the private sector, media institutions, researchers, and civil society organisations, to collaborate in addressing this data privacy crisis. Protecting the personal information of Nigerian citizens is of paramount importance, and collective efforts are needed to restore trust and ensure the security of our nation’s data infrastructure. Nigerians have made a lot of sacrifices and trusted the government with their personal data in exchange for a social contract that includes security, so it would be ironic to leave all of that data in the hands of bad actors such as kidnappers, burglars and terrorists.”

Paradigm Initiative said that from its research, “AnyVerify.com.ng is a website involved in the commercial distribution of personal and private data of Nigerians. On its webpage, a drop-down displaying the myriads of data services which the website renders can be observed. These include personal data such as the National Identity Number (NIN), the Bank Verification Number (BVN), a virtual NIN, Driving License, International Passport, Company details, Tax Identification Number (TIN), Permanent Voter’s Card (PVC) and Phone Numbers. All these are sold by this website to any interested party for the sum of N100.00 (One Hundred Naira Only) for each data request.”

The website was visited five hundred and sixty-seven thousand, nine hundred and ninety (567,990) times in February 2024 and one hundred and eighty-eight thousand, three hundred and sixty (188,360) times in April 2024, according to the CSO. 

However, the National Identity Management Commission (NICM) has debunked the claim of breach or compromise of data within their system in a statement, stating that the agency never authorised websites to sell or misuse NIN.

Source of Article