NIMC claims servers are secure, denies alleged breach

National Identity Management Commission (NIMC) has denied it experienced any form of server breaches.

It said, being custodian of the most important database for Nigeria, its servers are fully optimised at the highest international security levels.

This came after an online platform reported, yesterday, that NIMC’s server was hacked and that about three million National Identification Numbers (NINs) were stolen.

But NIMC, in a statement signed by Head of Corporate Communications, Kayode Adegoke, denied any breach.

In the statement, NIMC Director General, Aliyu Aziz, said as custodian of the foundational identity database for Africa’s most populous nation, NIMC has gone to great lengths to ensure Nigeria’s database is adequately protected, especially given the spate of cyber attacks on networks across the world.

Aziz said over the years, through painstaking efforts, NIMC has built a robust and credible system for the country’s identity database.

An engineer, Aziz said the commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard, which are revalidated yearly.

“NIMC has ensured maximum security of its systems and database because of the critical nature of the identity data which the commission collects, manages and maintains as critical assets for the country.

“The commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations,” he said.

The NIMC boss said the commission does not use or store information on Amazon Web Services (AWS) cloud platform or any public cloud. He said NIMC MobileID has no database within the commission’s app nor does it store information in flat files. He noted also that the commission made the app available to the public to eliminate challenges in accessing NINs.

According to him, the public should be aware that possession of a NIN slip does not equal access to the National Identity Database. “The NIN slip is just a physical assertion of a person’s identity. Under the data protection regulations, no licensed partner/vendor is authorised to scan and store copies of individuals’ NIN slips but rather authenticate the NIN, using approved and authorised verification platforms/channels provided.”

NIMC noted that as part of its policies to protect personally identifiable information stored in the National Identity Database, the public might recall that Ministry of Communications and Digital Economy, through NIMC, launched the tokenisation features of the NIN verification service.

Aziz said this solution is to safeguard personal data of individuals and ensure continuous user rights and privacy.