Senegal National ID Department Suspends Operations Following Green Blood Group Ransomware Attack
Learn More
The Directorate of File Automation (DAF) of Senegal confirmed a major cybersecurity incident following ransomware claims by a group called Green Blood Group.
The breach, which occurred on January 19, 2026, forced the government to temporarily suspend the office responsible for managing national identity cards, passports, and biometric data for the country's 19.5 million residents.
An internal email from Quik Saw Choo, a senior general manager at IRIS Corporation Berhad, a Malaysian partner tasked with creating Senegal's digital ID cards reveals that hackers gained access to the servers and stole personalization data. IRIS disabled network connections to one server and changing credentials on another to stop the attack and also shut off connections to foreign missions and other government offices.
The Green Blood Group claims the stolen data includes:
- 139 GB of citizen database records
- Biometric data and fingerprint records
- National identity card personalization files
- Passport and immigration documents
- Internal government communications and emails
The nature of the attack is not disclosed.
The number of affected individuals is approximately 19.5 million residents. A team of Malaysian cybersecurity experts were dispatched to Dakar on January 22, 2026, to conduct a forensic investigation and implement corrective measures. The DAF office has been disrupted for several days, and its official website remains offline as experts work to restore affected systems. The government has not yet issued a full public report on the incident.
