NameCheap, a prominent web hosting service, has suspended the operations of XpressVerify, a Nigerian website implicated in the commercial exploitation of Nigerians’ data.
FIJ Nigeria reported over the weekend that XpressVerify had “unrestricted access to the National Identification Numbers (NINs) and personal details of every registered Nigerian.”
For a fee of N200, the company provided personal information registered with the National Identity Management Commission (NIMC) for NIN, including phone numbers, full names, NIN, addresses, and photographs.
Following the public uproar triggered by the report of this alleged data privacy violation, NameCheap confirmed that it had suspended the website’s domain.
“The domain has been suspended. Thank you for reporting the issue,” NameCheap stated.
Techmoonshot’s verification confirmed the website’s inaccessibility at the time of this report.
Mr. Bosun Tijani, the Minister of Communications, Innovation and Digital Economy, when approached for comments, clarified that NIMC was no longer under his ministry. However, he assured that the National Data Protection Commission (NDPC) would collaborate with NIMC to thoroughly investigate the matter.
“NIMC is no longer under @FMCIDENigeria but our @ndpcnger will work with colleagues at @nimc_ng to investigate this immediately. Thanks for sharing,” Mr. Tijani remarked.
During the height of the COVID-19 pandemic and subsequent lockdowns in 2020, Mr. Ali Pantami, the predecessor to Mr. Tijani, mandated all Nigerians to register for a National Identification Number (NIN), citing its importance in addressing security challenges within the country.
He implemented a policy to disconnect phone lines that were not linked to a NIN, leading to widespread panic. This directive compelled many Nigerians to flout COVID-19 social distancing guidelines, which advised maintaining a distance of about one to two meters between individuals, as they rushed to register for their NIN.
In response to the recent concerns raised about the safety of Nigerians’ data following the XpressVerify issue, the National Identity Management Commission (NIMC) issued a statement through its Head of Corporate Communications, Mr. Kayode Adegoke. The statement aimed to reassure the public about the security of their personal information, clarifying that the commission engages in NIN verification and other services via officially licensed partners, and XpressVerify was not among these authorized entities.
The commission expressed its appreciation for the vigilance of the media and whistleblowers in highlighting the issue and reiterated its commitment to ensuring the integrity and security of the national identity database. “We wish to assure Nigerians and legal residents that there is no data breach of any kind and the citizens’ data remains safe and secure within Nigeria’s National identity database,” the statement emphasized.
Furthermore, NIMC’s Director-General and CEO, Engr. Abisoye Coker-Odusote has initiated a thorough investigation to determine whether any of the commission’s tokenization verification agents have violated the licensing agreement, whether directly or indirectly through their sub-licensees.
