World Bank has disbursed $45.5 Million to NIMC for Nigeria’s ID4D project amid data security worries.
NewsOnline Nigeria reports that the World Bank has so far disbursed a total of $45.5 million to the National Identity Management Commission (NIMC) under the Digital Identification for Development (ID4D) project aimed at enrolling more Nigerians for the National Identification Number (NIN).
This comes amidst recent concerns that the NIN database and other government agencies’ databases are not secured as Nigerians’ data are being purchased online.
According to the project’s implementation report published by the Bank, the fund was disbursed in multiple tranches between December 2021 and April 2024 and disbursement is still ongoing.
ALSO: Court Freezes N1.1 billion Linked to Former Globus Bank Staff Accused of Cybercrime
The $45 million so far released represents about 10.5% of the total project’s cost, which is put at $430 million.
While the June 1, 2024 deadline set for the enrollment of 148 million Nigerians for the NIN has passed and Nigeria is still lagging, the Bank described the progress of the project so far as ‘moderately satisfactory’. NIMC recently disclosed that 107.3 million NIN had been issued as of April this year.
Data collection and privacy breach concerns
The release of funds for the project which comprise a combination of loans and grants was predicated on the institutionalization of data protection.
According to the World Bank, Nigeria was able to unlock the release of funding for the project with the passing into law of the Nigeria Data Protection Act in June last year, which is a guarantee that all the data being collected will be adequately protected.
However, Paradigm Initiative, an organization advocating for data rights across Africa has queried the security of Nigerians’ data despite the existence of a data protection law. This came on the hills of a recent discovery that some websites are selling the data of Nigerians extracted from the NIN, BVN, international passport, and other government databases.
According to the Executive Director of Paradigm Initiative, Mr. Gbenga Sesan, contrary to Saturday’s warning by NIMC that Nigerians should desist from sharing their data with fraudulent websites, the data being sold on the websites were sourced directly from the government’s databases.
“The problem is not Nigerians because we were able to confirm that what they were selling is NIMC’s data and we have proof. We got the NIN slip of the Minister of Communications, Innovation, and Digital Economy, Dr. Bosun Tijani. We got the NIN slip of the number one data regulator in Nigeria, Dr. Vincent Olatunji. We bought them for N100 each to demonstrate that this is not a joke,” he said.
Security implications
While noting that the Nigeria Data Protection Commission (NDPC) has not been doing enough to protect Nigerians’ data, the Paradigm Initiative Director said the data breach has grave security implications for all Nigerians.
“The real implication is that people can get a SIM with your NIN. One of the problems that we found is that when we bought the NIN slip, the home address of the Minister was listed there, not just the NIN. Basically, if someone wants to kidnap you, he can just pay for your NIN slip and get your home address,” he said.
As of the time of filing this report, the NDPC has yet to react to the issue. A spokesperson of the Commission who was asked for comments said the Commission would soon come up with an official response.
NIMC insists Nigerians’ data is safe
Responding to the allegation of data breach for the second time within three months, NIMC debunked the claims that Nigerians’ sensitive data were being compromised, even though it admitted that there were websites ‘harvesting data illegally’.
“At this moment, the Commission assures the public that the data of Nigerians has not been compromised, and the Commission has not authorized any website or entity to sell or misuse the National Identification Number (NIN) amongst all the identities stated in the report.
“The public should know that the Commission has taken robust measures to safeguard the nation’s database from cyber threats- a secure, world-class, full-proof database is in place. The commission’s infrastructure meets the stringent ISO 27001:2013 Information Security Management System Standard, with annual recertification and strict compliance with the Nigerian Data Protection Law,” NIMC’s Head of Corporate Communications, Kayode Adegoke, said in a statement.
Earlier in March, NewsOnline Nigeria reported that expressverify.com, a private website, has unrestricted access to the NIN database and personal details of every registered Nigerian.
It added that the website has monetized the recovery of NINs and personal information on the Nigerian identification database.
This prompted the NIMC to restrict third-party access to its database as the NDPC launched investigations into the alleged breach. The website, expressverify.com, was also brought down.
However, the latest discovery by Paradigm Initiative indicates that unauthorized third parties still have access to Nigerians’ databases and not just the NIN, but BVN, Dirvers’ Licence, and International Passports, among others.
Meanwhile, checks revealed that the latest website uncovered, AnyVerify.com.ng, has also been brought down. A visit to the website by NewsOnline Nigeria earlier before it was yanked off, showed that the site was dealing with different data of Nigerians and claims to help people verify the data.