The Federal Government has reacted to viral reports claiming the nation’s National Identity Management Commission, NIMC server was hacked.
News360 Info has recently reported that a cyber-tech who identified himself simply as Sam, on Monday claimed in an article that he hacked into the nation’s NIMC server and stole over three million National Identification Number, NIN of Nigerians.
Sam’s claim has stirred a barrage of reactions among Nigerians on social media, as many berated the nation’s cyber security system.
The hacker had boasted in his post on infosecwriteups.com, that he got access to ‘juice’ on the Nigerian Government agency’s server and that he could go-ahead to do whatever he desired with the sensitive data at his disposal.
Reacting, however, in a statement on Tuesday, the NIMC authority said its servers were not hacked but are fully optimized at the highest international security levels.
According to the Director-General of NIMC, Engr. Aliyu Aziz, the organization has built a robust and credible system for Nigeria’s identity database, therefore it couldn’t be possible for some hackers to have access to details of citizens.
It was understood that the official statement quoted Aziz as saying that the commission, as the custodian of the foundational identity database for Africa’s most populous nation, has gone to great lengths to ensure the nation’s database is adequately secured and protected especially given the spate of cyber-attacks on networks across the world.
The statement read partly: “Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database. The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which are revalidated annually”.
The statement signed by NIMC’s head of corporate communications, Kayode Adegoke, explained that the possession of an individual’s NIN slip does not amount to access to the National Identity Database.
According to Aziz, NIMC had ensured maximum security of its systems and database because of the critical nature of the identity data which the Commission collects, manages, and maintains as critical assets for the country.
The Commission assured the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations.
The NIMC Director-General explained that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.
It noted that the NIMC MobileID application has no database within the app, nor does it store information in flat files.
The Commission has made this app available to the public to reduce and eliminate any delay or challenge(s) in accessing one’s NIN.
The statement added: “The public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity. Under the data protection regulations, no licensed partner/vendor is authorized to scan and store copies of individuals’ NIN slips but rather authenticate the NIN using the approved and authorized verification platforms/channels provided.
As part of its policies to protect personally identifiable information stored in the National Identity Database, the public may recall that the Ministry of Communications and Digital Economy through NIMC launched the Tokenization features of the NIN verification service. This solution is to safeguard the personal data of individuals and ensure continuous user rights and privacy.”
The commission commended the concerted efforts of several Federal Government agencies such as Joint Admissions and Matriculations Board (JAMB), the Federal Road Safety Corps (FRSC), Nigeria Immigration Services, Pension Commission (PenCom), the Nigeria Police Force, the Nigeria Correctional Service, the Nigeria Customs, and a host of others, who have streamlined their services in line with the use of National Identification Number (NIN) as the valid means of identification.