The National Identity Management Commission (NIMC) has barred third-party agents from access to its database.
This follows the reported incident of unauthorised National Identification Number (NIN) verification by expressverify.com, which an investigation revealed may have been authorised to provide verification services from a third party.
Read also: NIMC, NCC partner to boost NIN verification process
This was disclosed in a statement signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, Nigeria Data Protection Commission (NDPC). The data commission revealed that the circumstances surrounding this permission are still under investigation.
Bamigboye said, “To remedy this incident NIMC in line with established remediation protocols, barred all forms of access to its database.
“Though necessary, barring all forms of access affected all genuine and crucial verification requests. After a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.”
The head of legal NDPC disclosed that the ongoing investigation by relevant agencies into the breach seeks to establish the medium through which expressverify.com obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.
Now, verification by licensees will be scrutinised and only cleared based on credible evidence of regulatory compliance.
“Furthermore, a series of intensive trainings will be conducted to ensure that personnel and licensees are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy, and other relevant regulatory protocols,” Bamigboye stated.
Earlier in March, the Foundation for Investigative Journalism reported that it uncovered illegal access to NIN’s database by XpressVerify.com. The report revealed that the private website had unrestricted access to every registered Nigerian’s NIN and personal details and had monetised the recovery of NINs and personal information.
Read also: NDPC investigates alleged Privacy Breach at NIMC
At the time, NIMC and NDPC announced an investigation into this claim. The NDPC said it “will work with relevant agencies to audit the trails of the alleged unauthorised data processing and monetization of same, and those who are found culpable for violating the Nigeria Data Protection Act, 2023 will be brought to justice.”
