The National Identity Management Commission has taken steps to limit its licensed agents’ access to the National Identification Number database in response to an ongoing investigation into unauthorized access by expressverify.
This development was revealed in a statement issued on Friday by the Nigeria Data Protection Commission, which is probing a data breach incident at NIMC.
According to NDPC, the investigation suggests that a third party, initially authorized to provide verification services to citizens and legitimate businesses, may have permitted expressverify.com to utilize its NIN verification credentials for verification purposes.
While the circumstances surrounding this authorization are still being investigated, Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at NDPC, stated that NIMC, as part of its remediation efforts, has suspended all forms of access to its database. However, this action has affected legitimate and essential verification requests.
The ongoing investigation by relevant agencies aims to determine how expressverify.com obtained credentials from authorized third parties and ascertain the culpability of individuals involved in accordance with existing laws.
NDPC emphasizes the importance of the NIN for sustainable development and urges citizens to ensure their identification in various development frameworks while reinforcing technical and organizational measures to safeguard this data.
Dr. Vincent Olatunji, National Commissioner of NDPC, initiated a comprehensive investigation following public concerns over reports of illegal access to enrollees’ personal data by XpressVerify.com. NIMC has also launched an internal investigation and pledged full cooperation with NDPC to address the allegations and review lawful means of verifying enrollees’ identities.
NDPC will collaborate with relevant agencies to audit the trails of unauthorized data processing and its monetization. Individuals found to have violated the Nigeria Data Protection Act, 2023, will face legal consequences. Earlier reports by FIJ alleged that expressverify.com had unrestricted access to NINs and personal details of registered Nigerians and monetized the retrieval of this information from the national identification database.
