The National Identity Management Commission (NIMC) has denied the loss of over 3 million databases of Nigerian to hackers, stressing that the commission’s servers are most secure for identity management.
This is just as the alleged hacker denied hacking into the NIMC database and stole 3 million databases of Nigerians as widely reported on social media.
The alleged ‘hacker’ on his Twitter handle @_SamO_o by 6:06 pm on 10th January 2020 while debunking the allegation tweeted “Hi, Guys my recent post about, open, S3 bucket, I want to say that, that server is not from Nigeria’s government, it’s from @TecnoSRC and, there is company’s private data nothing else, and I’ve reported it straight after finding it, and @TecnoSRC just fixed it within hours”.
NIMC in a statement by its Head Corporate Communications, Kayode Adegoke said that its servers were not breached but are fully optimised at the highest international security levels as the custodian of the most important national database for Nigeria.
The statement noted that the Director-General of NIMC, Engr. Aliyu Aziz had said as the custodian of the foundational identity database for Africa’s most populous nation, NIMC has gone to great lengths to ensure the nation’s database is adequately secured and protected especially given the spate of cyber-attacks on networks across the world.
“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database. The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which is revalidated annually.
“NIMC has ensured maximum security of its systems and database because of the critical nature of the identity data which the Commission collects, manages and maintains as critical assets for the country.
“The Commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations.
“The NIMC Director-General stated that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.
“The NIMC DG further stated that the NIMC MobileID application has no database within the app, nor does it store information in flat files. The Commission has made this app available to the public to reduce and eliminate any delay or challenge(s) in accessing one’s NIN.
“The public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity. Under the data protection regulations, no licensed partner/vendor is authorised to scan and store copies of individuals NIN slips but rather authenticate the NIN using the approved and authorised verification platforms/channels provided.
“As part of its policies to protect personally identifiable information stored in the National Identity Database, the public may recall that the Ministry of Communications and Digital Economy through NIMC launched the Tokenization features of the NIN verification service. This solution is to safeguard the personal data of individuals and ensure continuous user rights and privacy.
“In compliance with the mandatory use of NIN for government services, the Commission also hails the concerted efforts of several Federal Government agencies such as Joint Admissions and Matriculations Board (JAMB), the Federal Road Safety Corps (FRSC), Nigeria Immigration Services, Pension Commission (PenCom), the Nigeria Police Force, the Nigeria Correctional Service, the Nigeria Customs, and a host of others, who have streamlined their services in line with the use of National Identification Number (NIN) as the valid means of identification.
“While wishing all Nigerians and legal residents a happy and prosperous new year 2022, Engr Aziz appealed to all stakeholders to embrace the identity, enrol and receive their NINs. Engr. Aziz opined that the Federal Government’s efforts in providing security and economic solace for all Nigerians will be enhanced when the entire population is enrolled into the national identity database”, the statement reads.
Table of Contents
LEARN ABOUT THE NEW NIN TOKENIZATION
NIN tokenization helps to protect an individual’s data privacy via the use of an encrypted, coded representation (“disguised”) version of the NIN rather than actual NIN itself in day-to-day transactions.
User IDs, QR codes and even verification log details on the MWS Mobile ID app are all types of NIN tokenization in that they all hide the NIN of the user.
The Virtual NIN
NIMC’s MWS Mobile ID app comes with a feature which provides the user with a Virtual NIN.
This Virtual NIN is also a tokenized version of the person’s actual NIN which another party verifying the number cannot retain and use in a way that puts the individual’s data privacy at risk.
The Virtual NIN itself (not the NIN record it represents) expires 72 hours after being generated.
You can use the Virtual NIN when digitally verifying your identity with a verifying agent or enterprise who needs to confirm your identity before offering you a service (banks, airports, shopping delivery and so on).
How It Works via USSD
To generate a Virtual NIN via USSD, dial *346*3*Your NIN*AgentCode#
An SMS message will be sent back to you containing the Virtual NIN generated for you.
How It Works on the MWS Mobile App
Launch the MWS Mobile ID app installed on your device (Android or iOS). Make sure you have the current version of the app installed or updated on your mobile device.
Enter your PIN on the lock screen to continue.
Select the “GET VIRTUAL NIN” button on the “Home” screen.
Read through the “Enhanced Data Privacy” text.
Then click on the button with the “+” sign on the bottom right corner of the screen to start the process of generating a Virtual NIN for the verifying Enterprise you are dealing with.
Tap on any of the available options to either scan the Enterprise’s QR code or type in the Enterprise’s ID.
A Virtual NIN is generated for you to use specifically with that verifying Enterprise alone.
Present the Virtual NIN to the Enterprise for verification.
Receive a notification once verification is completed by the Enterprise.
Data privacy protection – access to an individual’s NIN by others is further restricted.
Generated token is encrypted and totally opaque with no correlation to the NIN.
The NIN holder is the only exclusive issuer.
Generated tokens expire after a set period of time.
Virtual NIN tokens generated are merchant-specific, a token generated for company A cannot be used or verified by company B.