NIMC has revealed these websites involved in the Nigerians Data breach and they are idfinder.com.ng, Verify.ng, championtech.com.ng, trustyonline.com, and anyverify.com.
The National Identity Management Commission (NIMC) has finally sounded the alarm on unauthorized websites harvesting and selling sensitive personal data of Nigerian citizens. But this warning comes after significant damage may have already been done.
On June 22, 2024, NIMC issued a statement cautioning Nigerians against websites like idfinder.com.ng, Verify.ng, and AnyVerify.com.ng. These sites have allegedly been collecting and selling National Identification Numbers (NINs), Bank Verification Numbers (BVNs), and other personal information for as little as N100.
This revelation is deeply troubling on multiple levels:
- Delayed Response: The warning comes two days after Paradigm Initiative, a pan-African social enterprise, publicly exposed this data breach on June 20. Why didn’t NIMC detect and address this issue sooner?
- Extent of the Breach: While NIMC claims that “data of Nigerians has not been compromised,” this assertion seems dubious given the detailed report from Paradigm Initiative. The commission needs to provide more transparency about the true extent of this data harvesting operation.
- Inadequate Security Measures: NIMC touts its “ISO 27001:2013 information security management system standard” certification. However, this breach raises serious questions about the effectiveness of their security protocols.
- Citizen Trust: With over 107.3 million Nigerians registered for NINs, this breach potentially affects a vast portion of the population. How can citizens trust NIMC to protect their data moving forward?
- Economic Implications: The sale of personal and financial data poses significant risks not just to individuals, but to the national economy as a whole. The potential for fraud and identity theft is enormous.
While NIMC data warning is a step in the right direction, it feels like closing the stable door after the horse has bolted. The commission needs to take immediate, concrete actions:
- Conduct a thorough investigation and provide a detailed public report on the extent of the data breach.
- Implement stronger cybersecurity measures and regular audits.
- Collaborate with cybersecurity experts to identify and shut down these unauthorized websites.
- Provide resources and support for citizens whose data may have been compromised.
- Push for stricter legislation and enforcement against data harvesting and illegal data sales.
As Nigeria continues its digital transformation, protecting citizens’ data must be a top priority. This incident serves as a wake-up call for NIMC and other government agencies handling sensitive information. It’s time for a comprehensive overhaul of our national cybersecurity strategy to prevent such breaches in the future.
The Nigerian people deserve better. It’s time for NIMC to step up and truly safeguard our digital identities.
Reference
‘Idfinder.com.ng, Verify.ng’ — NIMC warns of websites harvesting data of Nigerians published in the Cable