FIJ's recent investigation uncovered a startling breach at the National Identity Management Commission (NIMC), revealing how personal data of registered Nigerians fell into the hands of fraudulent verification agents.
Contrary to the NIMC Act 2007, XpressVerify.com, a private website, gained unrestricted access to National Identification Numbers (NINs) and sensitive personal details.
Following FIJ's report, Namecheap, the domain registrar of XpressVerify.com, swiftly suspended the website, preventing further unauthorized access. However, NIMC's response raises more questions than answers. While distancing itself from XpressVerify, NIMC launched an internal probe into the breach.
Insiders have since disclosed that NIMC's involvement in the breach goes deeper. The NIN Verification Service (NVS), reinstated by NIMC, allowed unlicensed parties access to all data on the NIN database. NIMC staff members allegedly profited from these unauthorized accesses.
President Bola Tinubu's appointment of Abisoye Coker-Odusote as NIMC's CEO saw the NVS's controversial revival, despite previous audits highlighting its vulnerabilities. Documents obtained by FIJ reveal directives from Carolyn Folami, head of business development at NIMC, instructing verification service agents to resume NVS operations.
Critics argue that this move undermines data security and violates users' privacy rights. An anonymous NIMC staff member expressed concerns about the reckless handling of sensitive data, accusing the current leadership of prioritizing personal gain over public interest.
As the investigation unfolds, questions loom over NIMC's accountability and commitment to data protection. Stay tuned as FIJ continues to uncover the truth behind this alarming breach.
