Nigerian National Identity Management Commission denies data breach, but apparently leaks data

The Nigerian National Identity Management Commission (NIMC) has denied allegations of a data breach involving sensitive information of Nigerian citizens. 

In a statement signed by Kayode Adegoke, Head of Corporate Communications, NIMC reassured the public that their data remains secure and uncompromised and that NIMC has not authorized any website or entity to sell or misuse the National Identification Number (NIN) or any other identity information.

Apparenlty several websites, including idfinder.com.ng, Verify.ng, championtech.com.ng, trustyonline.com, and anyverify.com, were identified as unauthorized data harvesters.Tthe website expressverify was monetizing the recovery of NINs and personal information from the Nigerian identification database, claiming unrestricted access to this data.

NIMC has warned the public to avoid these sites and not provide any personal information, as these platforms are potentially fraudulent and illegally collecting data. Additionally, NIMC clarified that licensed partners or vendors are not permitted to scan or store NIN slips; they are only authorized to verify NINs through approved channels.

It seems that although a direct data breach has not ocurred, the NIMC has exposed its data set to various organizations who have abused it.

This incident led the Nigeria Data Protection Commission to intensify scrutiny of NIMC licensees after expressverify breached data protection protocols.