The Nigerian Federal Government has launched an investigation into the unauthorized sale of National Identification Numbers (NIN) following reports that personal data of Nigerians were available for purchase online.
Dr. Bosun Tijani, the Minister of Communications, Innovation, and Digital Economy, confirmed that discussions have started with the Minister of Interior, Olubunmi Tunji-Ojo, who oversees the National Identity Management Commission (NIMC). NIMC is responsible for managing Nigeria’s identity database. “I am confident in their commitment to safeguarding our national identity data,” Dr. Tijani stated.
The issue came to light when Paradigm Initiative revealed that NINs, Bank Verification Numbers (BVNs), and other sensitive personal information were being sold online, allegedly extracted from government databases. Gbenga Sesan, Executive Director of Paradigm Initiative, said, “We got the NIN slip of the Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani. We bought them for N100 each to demonstrate that this is not a joke.”
While Dr. Tijani did not confirm the specific claims made by Paradigm Initiative, he assured that the Nigeria Data Protection Commission (NDPC) had begun an inquiry into the alleged breach. “The NDPC has started a thorough investigation as to the circumstances surrounding this alleged breach,” he said.
Dr. Tijani emphasized the importance of a robust Digital Public Infrastructure (DPI) and improved data exchange protocols across government agencies to enhance Nigeria’s cybersecurity resilience. He noted his administration’s dedication to integrating advanced technology into public sector operations to drive economic growth.
Related Stories
- NIMC Denies Data Breach Allegations, Vows to Prosecute Offenders
- Bandits Exploit Loopholes in SIM Registration Policy to Evade NIN-SIM Tracking, Sources Reveal
In response to the allegations, NIMC issued a statement on Saturday denying any security breaches within its database. The commission asserted its implementation of stringent cybersecurity measures and warned Nigerians against sharing their data with fraudulent websites. This contradicts Paradigm Initiative’s findings that the data being sold were sourced from NIMC’s platform.
Earlier reports in March revealed that a website called expressverify was monetizing the recovery of NINs and personal information from Nigeria’s identification database. This prompted the NDPC to increase scrutiny of NIMC licensees after the website breached data protection protocols.
Experts mentioned that while there were no confirmed data breaches within the NIN database, illegal entries from third-party sources to endpoints have proliferated the system. There are concerns that regulated actors might be reselling or providing access to NIN data through APIs, which are not being properly monitored.
The ongoing investigation aims to address these security concerns and ensure the protection of Nigerians’ personal data.