One month after a little-known company got unrestricted access to the private data of 100 million Nigerians, Nigeria’s Identity Management Commission (NIMC) is under investigation for a data breach. One publication detailed how XpressVerify, the company involved in the breach, obtained and monetised its access to the identification numbers.
“If they [NIMC] are found negligent, there would be penalties. Last year in South Africa, the data protection agency fined the Ministry of Justice over a data breach. Nobody is above the law,” said Dr. Vincent Olatunji, the National Commissioner of the Nigeria Data Protection Commission (NDPC).
In 2021, NIMC was also accused of negligence after a self-service app for identity verification was breached, and the resulting data was sold on the dark web. While NIMC often denies these incidents, several reports have alleged worrying vulnerabilities at the agency.
“Whoever is responsible for the breach will be prosecuted. By the time we investigate and know what happened, that will guide us on what to decide,” Dr Olatunji said.
The NDPC has carried out its preliminary findings and will soon release a…
Ganiu Oloruntade
<
https://techcabal.com/2024/04/25/nimc-nin-breach/
