NDPC Investigates NIMC Breach Exposing NIN of 100 Million People: Penalties Loom

This is the second time in 3 years that the NIMC has been accused of negligence over a data breach. Will they clear their name, or will the culprits be brought to justice?

Charles Ndubuisi
Categories: Security

The Nigerian Identity Management Commission (NIMC) is under a data breach investigation after a startup got unrestricted access to the NIN data of 100 million Nigerians.

XpressVerify is the name of the company known to have gotten access to the database. Moreover, according to a publication, the company is currently monetizing its access to the database, earning significant income through the NIN breach.

“If NIMC is found guilty of negligence, there will be penalties. In South Africa last year, the data protection agency fined the Ministry of Justice over a data breach. Nobody is above the law,” says the National Commissioner of the Nigerian Data Protection Commission (NDPC), Dr. Vincent Olatunji.

However, this is not the first time the NDPC has accused the NIMC of negligence. In 2021, the NDPC accused the NIMC of negligence over the breach of a self-service app for identity verification, after which the stolen data was sold on the dark web.

The NIMC denies these accusations, but there are pieces of evidence showing vulnerabilities in its system.

The NDPC has carried out its investigation into the issue and will release the report soon. Although we have yet to confirm what happened, the commissioner states that one of the NIMC agents was trying to work with the company, indirectly causing some issues along the way.

If found guilty, the culprit may face a ₦10 million fine or 2% of their annual gross revenue, according to the Nigeria Data Protection Act. However, the NDPC states that government entities such as the NIMC may not face direct punishment, but the individuals and companies involved will.
