Sylvia Duruson
In a shocking revelation, a digital rights organization called Paradigm Initiative has uncovered a significant data breach affecting millions of Nigerians. Personal and sensitive information collected during various government exercises is now readily available on online platforms for a mere 100 naira.
The organization’s press statement specifically implicated a website called AnyVerify.com.ng, which has been operating in Nigeria’s digital space since November 2023. This platform received over 567,000 visits in February 2024 and more than 188,000 visits in April 2024.
Paradigm Initiative’s investigation revealed that AnyVerify.com.ng is involved in the commercial distribution of Nigerians’ personal and private data. The website offers a wide range of data services, including access to National Identity Numbers (NIN), Bank Verification Numbers (BVN), virtual NINs, driving licenses, international passports, company details, Tax Identification Numbers (TIN), Permanent Voter’s Cards (PVC), and phone numbers.
This data breach comes just months after an online media outlet, Fij. ng, reported on a similar unauthorized website, www.XpressVerify.com.ng, which was subsequently taken down. The emergence of AnyVerify suggests that there may be numerous other platforms engaged in similar activities.
AnyVerify claims to provide “the most reliable verification services at the cheapest prices” and lists its address in Kano. However, the website’s content is poorly written, and it provides incomplete contact information.
Gbenga Sesan, the Executive Director of Paradigm Initiative, clarified that while they cannot confirm whether AnyVerify is unauthorized, as only the National Identity Management Commission (NIMC) can make that determination, the practice of selling NIN slips for 100 naira is illegal and violates Nigeria’s Data Protection law.
Sesan expressed concern that there may be many similar platforms in operation, including those that purchase data to resell on the secondary market. He attributed this situation to the irresponsibility of the NIMC in granting access to data without proper oversight.
The unauthorized access to personal data constitutes a blatant infringement on Nigerian citizens’ privacy rights. This breach could lead to severe consequences, including identity theft, financial fraud, and other malicious activities. There are also concerns that individuals’ home addresses could be obtained by criminals, potentially putting data owners at risk of burglary, kidnapping, or terrorist attacks.
Furthermore, the availability of sensitive financial information online could undermine the stability of Nigeria’s banking system and erode public trust through fraudulent transactions. The breach of driver’s license information and other personal data may also compromise national security, as criminal elements could exploit this information for unlawful activities.
Paradigm Initiative is urging the federal government to take immediate action. They recommend conducting a thorough investigation to identify these illegal online activities and enhancing cybersecurity measures to prevent further data breaches.The organization also calls for the implementation of Nigeria’s Data Protection Act and demands that all involved government agencies release official information regarding the activities of their agents and sub-licensees.
This data breach highlights the urgent need for stronger data protection measures and increased vigilance in safeguarding citizens’ personal information. As the digital landscape continues to evolve, both government entities and private organizations must prioritize cybersecurity and ensure the privacy and security of individuals’ data.
