The National Identity Management Commission (NIMC) has received $45.5 million from the World Bank thus far as part of the Digital Identification for Development (ID4D) project, which aims to increase the number of Nigerians applying for National Identification Numbers (NINs).
This coincides with current worries that, as Nigerians’ data is being bought online, the NIN database and the databases of other government organizations are not safe.
As per the Bank’s project execution report, the fund was dispensed in several installments from December 2021 to April 2024, and the disbursement is currently in progress.
The $45 million that has been made available thus far amounts to around 10.5% of the project’s estimated $430 million overall cost.
Although Nigeria is still falling behind schedule—148 million Nigerians need to be enrolled in the NIN by June 1, 2024—the Bank deemed the project’s current status to be “moderately satisfactory.” 107.3 million NIN had been issued as of April of this year, according to a recent disclosure from NIMC.
Concerns about data harvesting and privacy violations
The institutionalization of data protection was a prerequisite for the project’s funding release, which consists of grants and loans.
The World Bank claims that Nigeria’s enactment of the Nigeria Data Protection Act in June of last year, which provides assurances on the appropriate protection of the data being gathered, enabled the country to unlock funding for the project.
Nevertheless, even with a data protection law in place, Paradigm Initiative, an organization that promotes data rights throughout Africa, has raised concerns about the security of Nigerians’ data. This happened in the wake of the recent revelation that certain websites are selling Nigerians’ personal information taken from official databases such as the BVN, NIN, international passports, and others.
Contrary to the NIMC’s warning on Saturday, which advised Nigerians not to share their personal information with bogus websites, the Executive Director of Paradigm Initiative, Mr. Gbenga Sesan, claims that the data being sold on these websites was obtained directly from official databases.
“The problem is not Nigerians because we were able to confirm that what they were selling is NIMC’s data and we have proof. We obtained the NIN slip of Dr. Bosun Tijani, the Minister of Communications, Innovation, and Digital Economy. We obtained the NIN slip of Dr. Vincent Olatunji, the top data regulator in Nigeria. To show that this is serious business, we paid N100 for each of them,” he stated.
Implications for security
The director of the Paradigm Initiative stated that the data leak has serious security ramifications for all Nigerians, even if he acknowledged that the Nigeria Data Protection Commission (NDPC) has not been doing enough to protect the data of Nigerians.
“The true implication is that people can buy SIM cards with your NIN. One issue we discovered is that the Minister’s home address was included on the NIN slip we purchased, not simply the NIN. In essence, all it takes to kidnap someone is for them to pay for your NIN slip and obtain your residential address,” he continued.
The NDPC has not yet responded to the matter as of the time this report was submitted. When contacted for comments, a Commission representative stated that the official response would be provided shortly.
NIMC assures Nigerians that their data is secure.
Even though it acknowledged that certain websites were “harvesting data illegally,” NIMC refuted the accusations that sensitive information belonging to Nigerians was exposed in its response to the data breach allegation for the second time in three months.
“As of right now, the Commission can guarantee the public that the information pertaining to Nigerians has not been breached, and it has not granted permission to any website or organisation to sell or utilise the National Identification Number (NIN) in conjunction with any of the identities included in the report.”
“The public should be aware that the Commission has implemented strong defences against cyberattacks, ensuring that a top-notch, fully-proof database is in place and safe from harm.The commission’s infrastructure meets the stringent ISO 27001:2013 Information Security Management System Standard, with annual recertification and strict compliance with the Nigerian Data Protection Law,” NIMC’s Head of Corporate Communications, Kayode Adegoke, said in a statement.
Things To Note
Online journal FIJ said in a report earlier in March that expressverify.com, a private website, has unfettered access to the NIN database and the personal information of every Nigerian who has registered.
It further stated that the website has made money off of the retrieval of NINs and private data from the Nigerian Identity Database.
As a result, the NIMC restricted access to its information for third parties, and the NDPC began looking into the purported breach. Additionally, the website expressverify.com was taken down.
The Paradigm Initiative’s most recent finding, however, suggests that unapproved third parties are still able to access Nigerians’ databases, including those for international passports, BVN, driver’s licenses, and NINs, among others.
Checks also showed that AnyVerify.com.ng, the most recent website to be discovered, has been taken down. Prior to its removal, Nairametrics conducted a visit to the website, which revealed that it handled various Nigerian population data and offered verification services.
