The National Identity Management Commission (NIMC) and Nigeria Data Protection Commission (NDPC) are investigating a report of unauthorised access to the National Identification Number (NIN) database.
This follows a Foundation for Investigative Journalism report that uncovered illegal access to NIN’s database by XpressVerify.com.
The report found that the private website had unrestricted access to every registered Nigerian’s National Identification Numbers (NIN) and personal details and has monetised the recovery of NINs and personal information.
In a statement on Sunday, NIMC disclosed that while it offers NIN verification and other services through licensed partners, XpressVerify is not one of them.
It noted that Abisoye Coker-Odusote, its director general and chief executive officer, has ordered a comprehensive investigation to determine whether any of the commission’s tokenisation verification agents has breached the licensing agreement either directly or through any of their sub-licensees.
“Top-level security is in place to protect the NIN and other personal data of every citizen and legal resident,” the commission said. It added that it has not recorded a data breach yet.
On its part, the NDPC disclosed that NIMC has agreed to cooperate with it as they both try to get to the root of the allegation and review existing mediums through which any entity may lawfully verify the identity of enrollees on NIMC’s platform.
“NDPC will work with relevant agencies to audit the trails of the alleged unauthorized data processing and monetization of same, and those who are found culpable for violating the Nigeria Data Protection Act, 2023 will be brought to justice,” it stated.
The commission added that the preliminary findings of the investigation would be made public within seven days.