Data Breach: NIMC Restricts Licensed Agents’ Access To NIN Database

Following the findings of the investigation by the Nigeria Data Protection Commission (NDPC), the National Identity Management Commission (NIMC) has restricted its licensed agents’ access to the National Identification Number (NIN) database.

Recall that a report by FIJ had alleged that expressverify.com, a private website, has unrestricted access to the NINs and personal details of every registered Nigerian. It added that, the website has monetised the recovery of NINs and personal information on the Nigerian identification database.

The NDPC, which is investigating the incidence of data breach at NIMC, averred that, the ongoing investigation has revealed that a third party which, among others, was originally authorised to provide verification services to citizens and genuine businesses might have allowed expressverify.com to use its NIN verification credentials to conduct verification.

The NDPC added that the ongoing investigation by relevant agencies seeks to establish the medium through which expressverify.com obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.

“At the moment, data processing by licensees generally are to be scrutinized and only those that are cleared based on credible evidence of regulatory compliance will be permitted to carry out NIN verification going forward.

“Furthermore, a series of intensive training will be conducted to ensure that personnel and licensees are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy, and other relevant regulatory protocols,” it said.

While noting that the circumstances surrounding this permission are still under investigation, the Commission in a statement said, “To remedy this incident, the National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database.

“Though necessary, barring all forms of access affected all genuine and crucial verification requests. After a painstaking review, limited access has been granted to a few establishments that are providing pivotal public services such as education and security.”

The NDPC called on members of the public to see NIN as essential data for sustainable development.

According to the  commission, while existing technical and organizational measures are being strengthened to ensure the protection of this data, citizens need to ensure that they are not left unidentified in various frameworks for development.