NIMC confirms unauthorized access to NIN verification credentials

National Identity Management Commission (NIMC) has confirmed that a third-party company illegally gained access into its database containing National Identity Number (NIN) verification credentials.

This is just as the commission added that it has now heightened scrutiny measures for its licensees authorized to conduct the process of NIN verification in the country.

Reacting to the recent unauthorized NIN verification incident involving a company, identified as ‘expressverify.com,’ NIMC said it discovered that a third-party entity, originally authorized to provide verification services, may have allowed ‘expressverify.com’ access to NIN verification credentials.

The Head of Legal, Enforcement and Regulations, Nigeria Data Protection Commission (NDPC) Mr. Babatunde Bamigboye, in a statement disclosed that the circumstances surrounding this permission are currently under investigation.

“To address this issue, NIMC has implemented remediation protocols, including temporarily suspending all access to its database. While necessary, this action impacted genuine verification requests.

“However, after careful review, limited access has been reinstated for select establishments providing essential public services.

“Ongoing investigations aim to determine how expressverify.com obtained the credentials and establish liability according to existing laws. Consequently, data processing activities by licensees will undergo increased scrutiny, with only compliant entities permitted to conduct NIN verification.

“Additionally, NIMC will conduct intensive training sessions to ensure personnel and licensees are well-versed in the regulatory obligations outlined in the Nigeria Data Protection Act and NIMC’s Privacy Policy.

“While efforts to enhance data protection measures are underway, citizens are reminded to exercise caution when sharing personal information online to avoid potential risks,” the commission said.