Data Breach: NIMC Agents To Face More Scrutiny, Says NDPC

The Nigeria Data Protection Commission said it has heightened scrutiny on the licensees of the National Identity Management Commission after a website, “expressverify” breached data protection protocols by accessing National Identification Number verification credentials without authorisation.

This information was disclosed in a statement seen on NDPC’s X official account on Friday.

The website was reported to have had unrestricted access to NINs and personal details of Nigerians registered in the nation’s identity database managed by NIMC.

READ ALSO: Gunmen Invade Celestial Church, Kidnap Two In Ogun

On March 16, the Foundation for Investigative Journalism reported that the website monetised the recovery of NINs and personal information on the Nigerian identification database.

The report, which raised concerns about data protection, prompted investigations by regulatory authorities.

According to the commission’s findings, a third-party entity initially authorised to provide verification services may have granted the website access to NIN verification credentials without proper authorisation.

It said the circumstances surrounding the breach are currently under investigation by the NDPC.

The statement read in part, “To address this issue, NIMC has implemented remediation protocols, including temporarily suspending all access to its database.

While necessary, this action impacted genuine verification requests.

“However, after careful review, limited access has been reinstated for select establishments providing essential public services.