Emma Okonji
Following the assurances of the National Identity Management Commission (NIMC) on data security, industry stakeholders have called on the organisation to strengthen the National Identification Number (NIN) verification exercise, in order to protect citizens’ data.
The stakeholders expressed worry about the development where licensed agents for NIN verification will create their own API calls and provide services to ‘sub agents’ unknown to NIMC.
They stated that such ‘sub agents’ are allowed to carry out NIN verification on behalf of the registered agent. They said such development will not only breach citizen’s data, but will compromise national security.
Reacting to the worries of the industry stakeholders, NIMC, in a statement signed by its Head of Corporate Communications, Kayode Adegoke, assured industry stakeholders and all Nigerians of the protection of citizens’ data.
According to the statement, NIMC is aware of an alleged breach of citizens’ data by a private organisation, XpressVerify.
Part of the statement read: “The commission wishes to state that it offers NIN verification and other services through licensed partners. However, XpressVerify is not one of the commission’s licensed partners.
“We express our gratitude to our media partners and the whistle-blowers for bringing this to our attention and wish to assure Nigerians and legal residents that there is no data breach of any sort and the citizens’ data is safe and secure in the Nigeria’s national identity database.
“The Director General and Chief Executive Officer of NIMC, Abisoye Coker-Odusote has promptly ordered a comprehensive investigation into the matter to find out if any of the commission’s Tokenisation verification agents has in any way breach the licensing agreement either directly or through any of their sub-licensees,” the organisation said.
The stakeholders alleged that the sub agent uses the API provided by the licensed agent to pull information from the NIN Verification Service (NVS), and that what NIMC sees is the licensed agent’s credentials making the request, while the data actually ends up elsewhere, without NIMC’s knowledge.
They faulted a letter written to licenced agents by NIMC, which was signed by the Director/Head Business Development and commercial services, Carolyn Folami, announcing the expansion and reopening of NIN Verification Service.
According to the stakeholders, the expansion and reopening, created loopholes for NIMC’s licensed agents to contract NIN Verification Service to ‘sub agents’, thereby creating avenue for data breaches.
The letter from signed by Folani, dated February 26, 2024, and sent to all licensed agents, which THISDAY sighted, read: “Kindly be informed that the NIMC, in a renewed commitment towards enlarging the use of the NIN for verification services across all industry, has reopened the NVS for your organisations’ use for verification services.
“Also note that NIMC is working on an upgrade and further improvements on the NIN ‘Pseudonymisation’ verification services as well, which will be duly communicated.”
