Gbenga Sesan, the Executive Director of Paradigm Initiative, has revealed that his organisation bought Minister Bosun Tijani’s National Identification Number (NIN) slip for just N100.
Sesan said this on Monday while explaining a data breach and privacy concerns with Nigeria’s vulnerable identification database on News Central TV.
“NIMC’s statement (published on Saturday) suggests that it is Nigerians who are giving their data to these fake websites, but this is NIMC’s data, and we now have proof. We got the NIN slip of the minister, Dr Bosun Tijani; we got the NIN slip of the number one data regulator in Nigeria, Dr Vincent Olatunji,” Sesan said on Monday.
“We bought them for N100 each to demonstrate that this is not a joke. It basically means that your identity is for sale for N100. The real implication is that anything we can do with a NIN slip, we can get a SIM card with that. Who knows if anyone has the President’s SIM card right now. Or the National Security Adviser? A military general leading warfare in a place where they are dealing with terrorists?
“What if a terrorist bought the general’s NIN slip, got his SIM card and sent a message to the troops and said, ‘Meet me at 0700. 14 degrees north,’ just to ambush them? The implications are serious. It means that anybody can claim to be you. They can get your SIM card and do it.”
Only three months after FIJ exposed XpressVerify, a private website selling the Nigerian identification data, private website AnyVerify has been found trading Nigerian bank verification numbers (BVNs), among other sensitive citizen data.
Paradigm Initiative said on Thursday that it was seeking legal redress on behalf of Nigerians for a breach of data privacy rights.
NIMC stated that the data of Nigerians had not been compromised on Saturday. It was responding to Paradigm Initiative’s alarm over websites such as AnyVerify and XpressVerify.
In the same breath, NIMC confirmed it did not authorise AnyVerify and some other listed websites. NIMC described these websites as data harvesters.
“When NIMC says there is no breach, we understand that they are trying to control and not create panic. But at this point, they need to hit the panic button; otherwise, there will be impunity over and over again,” Sesan noted.
According to Sesan, the Nigeria Data Protection Commission (NDPC) failed to properly scrutinise NIMC’s responsibility for the data breach after FIJ exposed XpressVerify in March. Sesan said NIMC only got “a slap on the wrist” for the breach.