The Nigeria Data Protection Commission stated that it is increasing its examination of the licensees of the National Identity Management Commission after a website called “expressverify” violated data protection rules by obtaining National Identification Number verification credentials without permission.
This information was revealed in a statement found on NDPC’s official account on Friday.
The website was found to have unrestricted access to NINs and personal details of Nigerians registered in the nation’s identity database managed by NIMC.
On March 16, the Foundation for Investigative Journalism reported that the website made money from retrieving NINs and personal information from the Nigerian identification database.
The report, which raised concerns about data protection, prompted investigations by regulatory authorities.
According to the commission’s findings, a third-party entity initially authorized to provide verification services may have given the website access to NIN verification credentials without proper authorization.
It said the circumstances surrounding the breach are currently under investigation by the NDPC.
The statement read in part, “To address this issue, NIMC has implemented remediation protocols, including temporarily suspending all access to its database.
While necessary, this action impacted genuine verification requests.
“However, after careful review, limited access has been reinstated for select establishments providing essential public services.
“Ongoing investigations aim to determine how expressverify.com obtained the credentials and establish liability according to existing laws.
“Consequently, data processing activities by licensees will undergo increased scrutiny, with only compliant entities permitted to conduct NIN verification.
“Additionally, NIMC will conduct intensive training sessions to ensure personnel and licensees are well-versed in the regulatory obligations outlined in the Nigeria Data Protection Act and NIMC’s Privacy Policy.
The NDPC has also urged the public to recognize the importance of the NIN for sustainable development.
“While efforts to enhance data protection measures are underway, citizens are reminded to exercise caution when sharing personal information online to avoid potential risks,” the statement added.
Last week, Paradigm Initiative, a civil society organization, called for immediate action from NIMC and NDPC in response to the privacy breach.
The initiative said the breach was considered a violation of both the National Data Protection Act and citizens’ constitutional right to privacy.
Paradigm Initiative, in a statement, emphasized the urgency of intervention from NIMC and the NDPC to address this violation of citizens’ privacy rights.
“The NDPC must swiftly investigate this matter, holding accountable all parties involved in compromising the security of the National Identity Database,” it said