Learn the true story of the alleged NIMC hack that went viral online.
The issue of data security is one consistent problem with most organisations that deal directly with data.
It is important because of the efficacy of holding people’s information and the havoc it can cause in society.
2021 came, and Nigerians were mandated to get and register their National Identity Number (NIN).
At the end of the year, 71 million Nigerians were registered.
The registration includes people providing personal information, which made many concerned for their privacy.
Hence, the existence of NIMC, which had been existing since 2007.
It was established to own, operate, manage, maintain the database of everyone in Nigeria.
And so when a Nigerian hacker came out with claims to have found a bug on NIMC, questions were thrown in the way of NIMC.
The Nigerian hacker, known as Sam, lay claims that there was a bug on the NIMC server and could breach the server.
And this granted him access to the personal information of millions of Nigerians.
He explained through a Medium post that this occurred when he was trying to decompile an application he was working on.
Alongside his claim, he posted a picture of data he obtained, a nation identity slip from NIMC with blurred out details.
After his claims, many controversies concerning the security of information of millions of Nigerians have made waves.
And many blogs and news platforms have carried the report, which furthers questions the credibility of NIMC.
In response to these controversies online and claims, NIMC yesterday released a statement.
NIM response statement
As the company’s representative, Kayode Adegoke, NIMC’s Head of Corporate Communications, released a statement on the issue.
In his statement, he assured Nigerians that there wasn’t any breach.
The statement summarised that the server was fully optimised at the highest international level of security.
Further, it says that NIMC has gone to great lengths to secure and protect the nation’s database.
Also, the statement was an inclusion of the new year declaration message by the Director-General of NIMC, Engr Aliyu Aziz.
He said, “as the custodian of the foundational identity database for Africa’s most populous nation, NIMC has gone to great lengths to ensure the nation’s database is adequately secured and protected, especially given the spate of cyber-attacks on networks across the world”
“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database.”
Also, Adegoke had explained that because of the critical nature of identity data, NIMC does annual revalidation.
And its infrastructure is certified to the ISO 27001:2013 Information Security Management System Standard.
“The commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations,” the statement said.
Also, the statement said that NIMC doesn’t use the AWS cloud platform to store information despite the app being available to the public for registration.
And so, even though the app is used, NIMC doesn’t have any database within the app.
Aziz further speaks on the NIN slip and gives a solution to ensure continuous user rights and privacy.
“The public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity.
“Under the data protection regulations, no licensed partner/vendor is authorised to scan and store copies of individuals’ NIN slips but rather authenticate the NIN using the approved and authorised verification platforms/channels provided.
“As part of its policies to protect personally identifiable information stored in the National Identity Database, the public may recall that the Ministry of Communications and Digital Economy through NIMC launched the tokenisation features of the NIN verification service,” the statement read.
He explained further that the solution was to ensure the safety of people and safeguard their personal information.
“In compliance with the mandatory use of NIN for governmen” services, the commission also hails the concerted efforts of several Federal Government agencies such as Joint Admissions and Matriculations Board (JAMB), the Federal Road Safety Corps (FRSC), Nigeria Immigration Services, Pension Commission (PenCom), the Nigeria Police Force, the Nigeria Correctional Service, the Nigeria Customs, and a host of others, who have streamlined their services in line with the use of National Identification Number (NIN) as the valid means of identification.
“While wishing all Nigerians and legal residents a happy and prosperous new year 2022, Engr Aziz appealed to all stakeholders to embrace the identity, enrol and receive their NINs.”
Expert claim: The Truth
Techuncode did a further check to confirm the story’s authenticity and gain more clarification.
We found out that there was a NIMC hack, and the reported NIN theft, which was reported, didn’t happen.
But instead, it was a casual discovery of the NIN slip of a random individual found on the Tecno servers.
Tecno was the organisation that launched the programme to find loopholes in their security systems, and the leak has since been fixed.
Also, an expert claims that there was a breach but not from NIMC.
Confirming this, hours later, the hacker reiterates his claims that the portal of the leak wasn’t from NIMC but a Tecno mobile.
And the bug was reported to Tecno, and it was fixed.