Connect with us

Hi, what are you looking for?

News

NIMC Allays Server Breach Claims Says Nigerians’ Data Safe

The National Identity Management Commission Commission (NIMC) has dispelled claims of server breaches that recently made the rounds on social media.

It was reported that suspected hackers claimed to hacked into the server of the National Identity Management Commission NIMC and stolen three million National Identity Numbers of Nigerians.

In its report, SaharaReporters reported that the hacker disclosed how easy it was for him to breach the NIMC server and access personal information of millions of Nigerians in an article he shared on a website.

The report says the hacker boasted that he got access to “juice” on the Nigerian Government agency’s server and that he could go ahead to do whatever he desired with other sensitive data at his disposal.

Displaying a defaced National Identity card of a Nigerian alongside the article, the hacker was said to have written:

“I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! The s3 bucket is full of juice. I just simply got access to their (Nigeria) data of internal files, users and everything they have. I can download everything, even the whole bucket. I am sure that the bucket is full of juice.

I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more. I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.

I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data”

But, the Federal Government has debunked the claims.

In a statement on Tuesday, Engr. Aliyu Aziz, Director-General of NIMC said the servers were not hacked.

He said they were fully optimised at the highest international security levels.

Part of the statement read: “Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database. The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which are revalidated annually”.

“Also the possession of an individual’s NIN slip does not amount to access to the National Identity Database.”

The Commission assured Nigerians that it will continue to uphold the highest ethical standards in data security on behalf of the Government to ensure compliance with data protection and privacy regulations.

The NIMC Director-General also explained that the Commission does not use nor store information on the AWS cloud platform or any public cloud.

The Commission reassured the public that the possession of a NIN slip does not give access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity.

“Under the data protection regulations, no licensed partner/vendor is authorized to scan and store copies of individuals NIN slips but rather authenticate the NIN using the approved and authorized verification platforms/channels provided.

“As part of our policies to protect personally identifiable information stored in the National Identity Database, the Ministry of Communications and Digital Economy through NIMC had launched the Tokenization features of the NIN verification service. This solution is to safeguard the personal data of individuals and ensure continuous user rights and privacy,” the statement added.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

ad

You May Also Like

Tech

In the lead up to Anambra Innovation Week 2024, in a landmark collaboration poised to position Anambra State as Africa’s Silicon Valley, the United...

Tech

European Union has fined Meta nearly €800 million for violating antitrust laws by automatically granting Facebook users access to its classified ads service, Facebook...

Tech

Technology experts at the Africa Tech Alliance Forum (AfriTECH 4.0) held in Lagos State-Nigeria, recently, highlighted the transformative potential of blockchain and AI in...

Business

Commander Mitchell Ofoyeju, the Tincan Island Port Commander of the National Drug Law Enforcement Agency (NDLEA), has expressed his admiration for QNET for championing...