Following the reported data breach at the National Identity Management Commission (NIMC) portal, indications have emerged that registration of fresh candidates for the National Identification Number (NIN) may face some hitches.
This follows the reported incident of unauthorised National Identification Number (NIN) verification by expressverify.com.
This was disclosed in a statement released on Friday by the Nigeria Data Protection Commission (NDPC), which is investigating the incidence of data breach at NIMC which an investigation revealed may have been authorised to provide verification services from a third party.
They said the culprits must be brought to book by the Commission to sanitise the ecosystem and guard against further cyber attacks especially on businesses and organisations.
While noting that the circumstances surrounding this permission were still under investigation, the Commission in a statement by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, said: “To remedy this incident, the National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database.
“Though necessary, barring all forms of access affected all genuine and crucial verification requests.
“After a painstaking review, limited access has been granted to a few establishments that are providing pivotal public services such as education and security.”
The NDPC added that the ongoing investigation by relevant agencies would establish the medium through which expressverify.com obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.
“At the moment, data processing by licensees generally are to be scrutinised and only those that are cleared based on credible evidence of regulatory compliance will be permitted to carry out NIN verification going forward.
“Furthermore, a series of intensive training will be conducted to ensure that personnel and licensees are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy, and other relevant regulatory protocols,” it said.
The NDPC calls on members of the public to see NIN as essential data for sustainable development.
According to the Commission, while existing technical and organisational measures are being strengthened to ensure the protection of this data, citizens need to ensure that they are not left unidentified in various frameworks for development.
The National Commissioner of the Commission of the NDPC, Dr. Vincent Olatunji, had earlier this month ordered a full-scale investigation in the wake of public concerns over reports of illegal access to personal data of enrollees by a shadowy entity called XpressVerify.com.
The Commission added that NIMC had also initiated an internal investigation and gave full assurances of cooperation with NDPC to get to the root of the allegation and to review existing mediums through which any entity may lawfully verify the identity of enrollees on its platform.