The Nigeria Data Protection Commission (NDPC) says investigation revealed a third-party firm may have allowed ExpressVerify, a private organisation, into the National Identity Management Commission (NIMC) database.
In a statement on March 28 by Babatunde Bamigboye, head of legal, enforcement and regulations, NDPC said the third party, who was originally licenced to provide verification services to Nigerians, may have allowed expressverify.com to undertake the service using its national identity number (NIN) verification.
“Following the reported incident of unauthorized NIN verification by expressverify.com, investigation reveals that a third-party who, among others, was originally authorized to provide verification services to citizens and genuine businesses might have allowed expressverify.com to use its NIN verification credentials to conduct verification,” the commission said.
The NDPC said the circumstances surrounding the permission are currently being investigated.
“To remedy this incident, National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database,” NDPC said.
“Though necessary, barring all forms of access affected all genuine and crucial verification requests. After a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.
“Ongoing investigation – by relevant agencies – seeks to establish the medium through which expressverify.com obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.”
