NIMC denounces NIN, BVN data breach allegations, warns Nigerians against phishing sites

The National Identity Management Commission (NIMC) has firmly denied allegations that the NIN and BVN data of Nigerian citizens has been compromised. In a press statement released Saturday, June 22, the Commission assured the public that no data breach has occurred and reiterated its commitment to safeguarding citizens’ information.

“NIMC assured the public that the data of Nigerians has not been compromised,” Kayode Adegoke, Head of Corporate Communications, said. “The Commission has not authorised any website or entity to sell or misuse the National Identity Number (NIN) or any identities“, the statement adds.

This is coming after Paradigm Initiative revealed that the personal details of Nigerians are readily available on online platforms for just ₦100.

In a report by Technext, the Executive Director of Paradigm Initiative, Gbenga Sesan clarified that the organisation is not claiming that AnyVerify (mentioned as one other platform selling Nigerians’ data) is unauthorised since only the NIMC can confirm or deny such.

However, AnyVerify’s practice of selling NIN slips of others for ₦100 is illegal and violates Nigeria’s Data Protection law. It is the responsibility of any verification company to put guards in place to avoid abuse, but AnyVerify refused to do that and NIMC has failed to sanction them.

Executive Director of Paradigm Initiative, Gbenga Sesan

The Commission identified several websites, including idfinder.com.ng, Verify.Ng/signin, championtech.com.ng, trustyonline.com, and anyverify.com, as unauthorised data harvesters.

NIMC warned the public against providing personal data to these sites, labelling them as potentially fraudulent.

“These websites are data harvesters not authorised by NIMC to access or manage sensitive data,” Adegoke said.

The public should disregard any claims or services these websites offer and should not give their data as they are potentially fraudulent.

Head of Corporate Communications, NIMC, Kayode Adegoke

NIMC highlighted the robust measures to protect the nation’s database from cyber threats. The Commission’s infrastructure meets the stringent ISO 27001:2013 Information Security Management System Standard, with annual recertification and strict compliance with the Nigerian Data Protection Law.

“We have a secure, world-class, full-proof database in place,” Adegoke emphasised. “NIMC advises Nigerians to avoid giving their data to unauthorised and phishing sites to prevent data harvesting and compromising individual data.”

NIMC noted that licensed partners or vendors are not authorised to scan or store NIN slips. They are only permitted to verify NINs through approved channels. The Commission says it is collaborating with security operatives to apprehend those masquerading as online vendors and will ensure they face legal consequences.

“The Commission is working closely with security operatives to apprehend these elements masquerading as online vendors,” Adegoke affirmed. “They will be made to face the full wrath of the law.“

NIMC urged the public to remain vigilant against false information and rely on verified sources for accurate updates. The Commission reiterated its commitment to providing secure and reliable identity management and maintaining the highest level of security for its systems and databases, which are critical national assets.

“We remain committed to upholding ethical standards in data protection in line with federal government directives and data privacy regulations,” Adegoke concluded.

However, Sesan expressed his suspicion that there are many such platforms out there, including those who may buy such data to resell on the secondary market, a situation he attributed to the irresponsibility of the NIMC.

“This is a situation of an irresponsible NIMC giving access, through APIs and other channels, to the data in their custody without ensuring oversight. This also rests on the Nigeria Data Protection Commission (NDPC) because when the case of XpressVerify was reported, they simply slapped NIMC on the wrist,” he said.