Data for N100: Head of IT says NIMC not compromised, blames breach possibility on ‘licensed partners’

Ejike Kanife
He said licensed agencies access NIMC’s data and suggested that some individuals or organisations may have harvested data from them
Nigerians Will Pay 17% of Minimum Wage for National ID Card Renewal, but NIMC Should Prioritise Solving NIN Challenges

As Nigerians continue to react to a report by Paradigm Initiative that a possible data breach has made the sensitive data of Nigerians like their NIN obtainable online for just 100 naira, the Director of IT of Nigeria’s Identity Management Commission (NIMC), Engineer Lanre Yusuf has blamed the possibility of a breach on “licensed partners”.

Engineer Yusuf said this while appearing as a guest on a monitored TV show this morning. According to him, there is no noticed breach within the commission’s data system. Yusuf however admitted that the commission has licensed verification partners who rely on NIMC’s data to provide verification services for authorized users.

He said these agencies access NIMC’s data through APIs and suggested that the reported data for N100 sellers may have harvested data from these verification partners to sell:

So rightfully, licensed people will have access to our data. But as you can see, it is like we have a market square whereby some individuals and organisations have harvested data from different organisations and are in the marketplace trying to sell to interested buyers,” he said.

Data breach: NIMC head of IT blames possible breach on ‘licensed people’
Engr Lanre Yusuf. Credit: id4Africa

See also: NIN, BVN of Nigerians sold online for just 100 naira- Paradigm Initiative

He explained that data harvesting is a new terminology in the identity ecosystem. And that the concept did not exist until recently. He added that data is the new oil and that the commission understands the imperative to protect citizens’ data and securely store them in a protected environment.

He also noted that the commission is presently working on additional ways to protect the data that it houses from future attacks.

NIMC says paraded Bosun Tijani’s NIN slip fake

NIMC’s Head of Corporate Communications, Kayode Adegoke also described the claim that the NIN slip of the Minister of Communication and Digital Economy, Dr Bosun Tijani was purchased online as a “false narrative”.

Also speaking on the same TV programme, Kayode insisted that the NIN slip obtained on an unauthorized platform (AnyVerify.com.NG) does not belong to the Minister.

That is not our NIN slip. When you get home compare the NIN slip that was given to you with the one being paraded online, you will see that is a fake slip. I have a question for Mr Gbenga Sesan (Paradigm Initiative’s Executive Director). He said he purchased the honourable minister of communication’s NIN slip online at 100 naira. First and foremost, why did he not purchase his own NIN slip? Why that of the minister? The NIN slip purportedly paraded is fake,” he said.

Data breach: NIMC head of IT blames possible breach on ‘licensed people’
Kayode Adegoke

Mr Adegoke noted that the said NIN slip cannot be used to access any government service as the information it conveys is false. And, without its verification and authentication abilities, the slip is useless.

According to him, because of their level of enlightenment, many Nigerians find it difficult to understand how NIMC’s digital identity management system functions. He provided some context:

First when you obtain your NIN, the data on your NIN is stored on our database. And anytime you want to access any government service, for instance, you want to buy a SIM card, that NIN you have presented will be verified and authenticated. And I want to tell Nigerians that data is not only the demographic data that you see. Data surpasses that.”

He added that the NIN slip is merely a token of enrollment given to citizens when they enrol for their identification number. Hence, it does not translate to citizens’ data and it is not easily transferrable and purchasable:

If you take someone else’s NIN to register for a SIM card, that NIN will be verified with your fingerprint and iris to find out if truly you are the one. Things can be fact-checked. The NIN must be verified because it is a digital token. It is not an analogue token that anybody can just parade around,” he concluded.


Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!