Our Database was Never Breached, Says NIMC


Emma Okonji in Lagos and Oghenevwede Ohwovoriole in Abuja

The National Identity Management Commission (NIMC) has assured the Nigerian public that its database was not at any time breached.

In a statement yesterday, NIMC’s Head, Corporate Communications, Kayode Adegoke denied any breach to its servers, adding that they were fully optimised at the highest international security levels as the custodian of the most important national database for Nigeria.

Information circulating on social media revealed that hackers had breached NIMC servers with ease and were able to access personal information of millions of Nigerians and also had access to sensitive data belonging to Nigerians.

According to the statement, “The Director-General of NIMC, Aliyu Aziz said as the custodian of the foundational identity database for Africa’s most populous nation, NIMC has gone to great lengths to ensure the nation’s database is adequately secured and protected especially given the spate of cyber-attacks on networks across the world.

“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database. The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which are revalidated annually.”

NIMC said it had ensured maximum security of its systems and database because of the critical nature of the identity data which the Commission collects, manages and maintains as critical assets for the country.

The Commission assured members of the public that it would continue to uphold the highest ethical standards in data security on behalf of the federal government and ensure compliance with data protection and privacy regulations.

The Commission, “does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go,” the statement further said.

The NIMC DG further stated that the NIMC MobileID application has no database within the app, nor does it store information in flat files.

The Commission had made this app available to members of the public to reduce and eliminate any delay or challenge(s) in accessing one’s NIN.

“The public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity.

“Under the data protection regulations, no licensed partner/vendor is authorised to scan and store copies of individuals NIN slips but rather authenticate the NIN using the approved and authorised verification platforms/channels provided,” it stated.

As part of its policies to protect personally identifiable information stored in the National Identity Database, the public may recall that the Ministry of Communications and Digital Economy through NIMC launched the Tokenisation features of the NIN verification service. This solution is to safeguard the personal data of individuals and ensure continuous user rights and privacy.

In compliance with the mandatory use of NIN for government services, the Commission also hailed the concerted efforts of several agencies such as the Joint Admissions and Matriculations Board (JAMB), the Federal Road Safety Corps (FRSC), Nigeria Immigration Services, Pension Commission (PenCom), the Nigeria Police Force, the Nigeria Correctional Service, the Nigeria Customs, and a host of others, who had streamlined their services in line with the use of National Identification Number (NIN) as the valid means of identification, the statement said.

Aziz appealed to all stakeholders to embrace the identity, enrol and receive their NINs, adding that the federal government’s efforts in providing security and economic solace for all Nigerians will be enhanced when the entire population is enrolled into the national identity database.