The Nigeria Data Protection Commission said it has heightened scrutiny on the licensees of the National Identity Management Commission after a website, “expressverify” breached data protection protocols by accessing National Identification Number verification credentials without authorisation.
This information was disclosed in a statement seen on NDPC’s X official account on Friday
The website was reported to have had unrestricted access to NINs and personal details of Nigerians registered in the nation’s identity database managed by NIMC.
On March 16, the Foundation for Investigative Journalism reported that the website monetised the recovery of NINs and personal information on the Nigerian identification database.
The report, which raised concerns about data protection, prompted investigations by regulatory authorities.
According to the commission’s findings, a third-party entity initially authorised to provide verification services may have granted the website access to NIN verification credentials without proper authorisation.
It said the circumstances surrounding the breach are currently under investigation by the NDPC.
The statement read in part, “To address this issue, NIMC has implemented remediation protocols, including temporarily suspending all access to its database.
While necessary, this action impacted genuine verification requests.
“However, after careful review, limited access has been reinstated for select establishments providing essential public services.
“Ongoing investigations aim to determine how expressverify.com obtained the credentials and establish liability according to existing laws.
“Consequently, data processing activities by licensees will undergo increased scrutiny, with only compliant entities permitted to conduct NIN verification.
“Additionally, NIMC will conduct intensive training sessions to ensure personnel and licensees are well-versed in the regulatory obligations outlined in the Nigeria Data Protection Act and NIMC’s Privacy Policy.”
The NDPC has also urged the public to recognise the importance of the NIN for sustainable development.
“While efforts to enhance data protection measures are underway, citizens are reminded to exercise caution when sharing personal information online to avoid potential risks,” the statement added.
Last week, Paradigm Initiative, a civil society organisation, called for immediate action from NIMC and NDPC in response to the privacy breach.
The initiative said the breach was deemed a violation of both the National Data Protection Act and citizens’ constitutional right to privacy.
Paradigm Initiative, in a statement, stressed the urgency of intervention from NIMC and the NDPC to address this violation of citizens’ privacy rights.
“The NDPC must swiftly investigate this matter, holding accountable all parties involved in compromising the security of the National Identity Database,” it said
