The National Identity Management Commission (NIMC) has refuted the claims making the rounds that its servers were accessed by bounty hackers and insisted that it uses the most secure servers to manage Nigeria’s identity database.
The NIMC director-general, Engr. Aliyu Aziz, in his New Year message, clarified that there was no breach of its servers, as they are fully optimised at the best international security levels, as the custodian of important information.
Recall that a hacker claimed he had gained access to the commission’s server and had stolen three million national identity numbers of Nigerians.
However, Aziz debunked this claim, saying the NIMC has gone to great lengths to ensure the nation’s database is adequately secured and protected, given the spate of cyber-attacks on networks across the world.
“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database. The commission and its infrastructure are certified by the ISO 27001:2013 Information Security Management System Standards which are revalidated annually.
“NIMC has ensured maximum security of its systems and database because of the critical nature of the identity data which the commission collects, manages and maintains as critical assets for the country.
“The commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations,” he said.
The NIMC director-general stated that the commission neither uses nor stores information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.
The NIMC boss further stated that the NIMC MobileID application has no database within the app, nor does it store information in flat files. The commission has made this app available to the public to reduce and eliminate any delay or challenge(s) in accessing one’s NIN.
A statement by the NIMC’s head, corporate communications, Kayode Adegoke, said the public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database. The NIN slip, he said, is just a physical assertion of a person’s identity.
“Under the data protection regulations, no licensed partner/vendor is authorised to scan and store copies of individuals NIN slips; rather, they are used to authenticate the NIN using the approved and authorised verification platforms/channels provided,” it added.