The National Identity Management Commission (NIMC) has assured Nigerians that its servers were not breached but fully optimised at the highest international security levels, as the custodian of the most important national database for Nigeria.
NIMC’s Head of Corporate Communications, Kayode Adegoke, gave the assurance in a statement on Monday amid reports that the agency’s server had been breached.
“Making this declaration in his new year message, the Director-General of NIMC, Engr Aliyu Aziz, said as the custodian of the foundational identity database for Africa’s most populous nation, NIMC has gone to great lengths to ensure the nation’s database is adequately secured and protected, especially given the spate of cyber-attacks on networks across the world,” said the statement by Adegoke.
“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database.”
A hacker identified as Sam had on Monday claimed that he successfully found a bug on the NIMC server, saying it was easy for him to breach the server and access the personal information of millions of Nigerians.
He explained that he came across the information in a bid to decompile some applications he was working on.
The hacker reportedly posted the data he obtained in the process — a copy of the national identity slip from NIMC but defaced it to hide vital information about the owner.
The NIMC boss, on his part, stressed that the commission and its infrastructure were certified to the ISO 27001:2013 Information Security Management System Standard, and revalidated annually.
According to him, the commission has ensured maximum security of its systems and database because of the critical nature of the identity data which the NIMC collects, manages, and maintains as critical assets for the country.
“The commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations,” the statement said.
Aziz stated that the commission does not use nor store information on the AWS cloud platform or any public cloud, despite the NIMC mobile app available to the public for accessing their NIN on the go.
He insisted that the NIMC mobile ID application has no database within the app, neither does it store information in flat files.
“The public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity.
“Under the data protection regulations, no licensed partner/vendor is authorised to scan and store copies of individuals’ NIN slips but rather authenticate the NIN using the approved and authorised verification platforms/channels provided.
“As part of its policies to protect personally identifiable information stored in the National Identity Database, the public may recall that the Ministry of Communications and Digital Economy through NIMC launched the tokenisation features of the NIN verification service,” the statement read.
He added, “This solution is to safeguard the personal data of individuals and ensure continuous user rights and privacy.
“In compliance with the mandatory use of NIN for government services, the commission also hails the concerted efforts of several Federal Government agencies such as Joint Admissions and Matriculations Board (JAMB), the Federal Road Safety Corps (FRSC), Nigeria Immigration Services, Pension Commission (PenCom), the Nigeria Police Force, the Nigeria Correctional Service, the Nigeria Customs, and a host of others, who have streamlined their services in line with the use of National Identification Number (NIN) as the valid means of identification.
“While wishing all Nigerians and legal residents a happy and prosperous new year 2022, Engr Aziz appealed to all stakeholders to embrace the identity, enrol and receive their NINs.”