The Nigeria Data Protection Commission (NDPC) has launched a comprehensive investigation into allegations of privacy breaches within the National Identification Number (NIN) database managed by the National Identity Management Commission (NIMC).
In response to growing public concerns regarding reports of unauthorized access to personal data by a purported entity named XpressVerify.com, Dr. Vincent Olatunji, the National Commissioner of NDPC, has ordered a thorough inquiry into the matter.
According to a statement issued by Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at NDPC, the commission is committed to uncovering the truth behind the alleged breach and holding responsible parties to account.
While acknowledging that NIMC has initiated its own internal investigation, NDPC has pledged full cooperation to ensure a comprehensive review of existing verification mechanisms and safeguard enrollees’ identities on the platform.
“We are closely collaborating with NIMC to investigate these allegations and will leave no stone unturned in our quest for accountability. Any individual or entity found to have violated the Nigeria Data Protection Act, 2023 will face appropriate legal consequences,” stated NDPC.
Furthermore, NDPC has announced its intention to collaborate with relevant agencies to audit the alleged unauthorized data processing and monetization activities. Those implicated in any wrongdoing will be prosecuted in accordance with the law.
To ensure transparency and accountability, the National Commissioner has directed that preliminary findings of the investigation be made public within seven days.
The allegations surfaced following a report by the Foundation for Investigative Journalism (FIJ), which claimed that XpressVerify.com had unrestricted access to NINs and personal details of registered Nigerians. The website purportedly monetized the retrieval of NINs and personal information from the national identification database.
According to FIJ’s report, XpressVerify facilitated the extraction of phone numbers, full names, addresses, photographs, and other sensitive information from the database for a fee as low as N200. The lack of restrictions on access raised significant privacy concerns and highlighted potential vulnerabilities in NIMC’s data management practices.
Under Section 14 of the NIMC Act 2007, NIMC is mandated to oversee the creation, management, maintenance, and operation of the National Identity Database. The ongoing investigation seeks to ensure compliance with these statutory responsibilities and uphold the privacy rights of Nigerian citizens.