The World Bank has so far disbursed $45.5 million to Nigeria’s National Identity Management Commission (NIMC) under the Digital Identification for Development (ID4D) project aimed at increasing National Identification Number (NIN) registrations. However, this financial support has coincided with growing concerns over the security of the NIN database and other government databases, as reports have emerged of Nigerians’ data being sold online.
According to the project’s implementation report, the funds were distributed in multiple tranches between December 2021 and April 2024, with disbursement ongoing. The $45 million released to date represents about 10.5% of the total project cost of $430 million. Despite a June 1, 2024, deadline to enroll 148 million Nigerians for the NIN, only 107.3 million NINs had been issued by April, prompting the World Bank to rate the project’s progress as ‘moderately satisfactory’.
The release of funds, a mix of loans and grants, was contingent on the institutionalization of data protection measures. The World Bank noted that Nigeria unlocked the funding by passing the Nigeria Data Protection Act in June of the previous year, which guarantees the protection of collected data.
However, Paradigm Initiative, an organization advocating for data rights in Africa, raised concerns about the security of Nigerians’ data despite the data protection law. They highlighted that data from the NIN, BVN, international passports, and other government databases were being sold online. The Executive Director, Mr. Gbenga Sesan, provided evidence by purchasing NIN slips of high-profile individuals for N100 each, demonstrating the data’s availability.
The data breach poses significant security risks, as highlighted by Paradigm Initiative’s director. Personal information such as home addresses included in the NIN slips could lead to criminal activities like kidnapping.
As of the report’s filing, the Nigeria Data Protection Commission (NDPC) had not responded to the issue, while NIMC insisted that Nigerians’ data remained secure, despite acknowledging illegal data-harvesting websites. NIMC assured the public that their database is protected by stringent security measures and complies with international standards.
Earlier allegations in March suggested that the website expressverify.com had access to the NIN database and personal details of registered Nigerians. This led NIMC to restrict third-party database access, and the NDPC initiated investigations. Although expressverify.com was shut down, recent findings by Paradigm Initiative indicate that unauthorized access to various government databases continues, with another site, AnyVerify.com.ng, also being taken down after similar activities were discovered.
Credit: Nairametrics (Text Excluding Headline)
