NIMC Accused of Changing Nigerians’ NIN Personal Data Without Their Consent

National Identity Management Commission (NIMC) has been accused of deliberately altering citizens’ dates of birth on their National Identity Cards and subsequently charging N15,000 for corrections.

Details shared with West Africa Weekly by a Nigerian, whose name is withheld, show concern over the integrity of the National Identity Management Commission (NIMC) and its handling of personal data.

According to him, despite receiving his National Identity Card printout with the correct details earlier, his birth date was altered without his consent.

Upon discovering the discrepancy, he found that correcting the error would require a payment of N15,000—a non-refundable fee mandated by NIMC for processing such requests, which is the statutory process for adults.

These allegations come after an earlier report by TheCable revealed that a circular issued by NIMC had compromised the sensitive information of over 100 million Nigerians.

The circular, directed at verification service agents, allegedly allowed unlicensed parties and profiteers access to the personal data of Nigerian citizens, fueling fears of widespread identity theft and data misuse.

The revelations by TheCable follow an earlier alert by the Foundation for Investigative Journalism (FIJ), which uncovered that a private website, XpressVerify.com, had unauthorised access to the National Identification Numbers (NINs) and personal information of Nigerians. The website reportedly monetised access to this data, a practice that violates Nigerian law.

In response to FIJ’s report, NIMC’s Director-General and CEO, Abisoye Coker-Odusote, issued a statement distancing the commission from XpressVerify.

Coker-Odusote emphasised that NIMC only offers NIN verification services through licensed partners and announced an investigation into the data breach. However, TheCable’s investigation painted a more troubling picture, implicating NIMC itself in the data compromise.

The report detailed how NIMC’s NIN Verification Service (NVS), introduced in 2012, had significant vulnerabilities.

A World Bank audit 2017 highlighted the need for stringent audit controls to safeguard personal information. The audit revealed that licensed agents could create their application programming interface (API), allowing them to provide verification services to subagents without NIMC’s knowledge.

These subagents, in turn, could access the NIN data without NIMC’s oversight. Licensed agents reportedly profited by charging subagents for these services while failing to remit the proceeds to NIMC.

Charges typically ranged from N50 to N500, creating a lucrative but unauthorised business model. As the model expanded, additional subagents were registered, exacerbating the issue. In light of these vulnerabilities, NIMC took the drastic step of shutting down the NVS in 2017.

In 2023, President Bola Tinubu appointed Coker-Odusote to head NIMC. Despite the known flaws in the system, certain officials reportedly pressured Coker-Odusote to reopen the NVS as the new head of NIMC.

On February 26, 2024, Carolyn Folami, NIMC’s Director of Business Development and Commercial Services, issued a circular instructing verification service agents to reinstate the NVS. The circular emphasised NIMC’s renewed commitment to expanding the use of NIN for verification services across all industries.

However, a NIMC staff member criticised this decision, likening it to “opening a bank vault for the public to have a free run on the cash.”

The staff member alleged that the directive effectively reversed all security measures put in place to protect the NVS, allowing anyone with a verification license and a NIN to access personal data with or without the holder’s consent

Recall that a report by Paradigm Initiative (PIN), a non-profit organisation, revealed that sensitive personal and financial data of Nigerians are being sold online for as little as 100 Naira.

In a press release published on  June 20th, PIN declared that the unauthorised access to the personal data of Nigerians was “a blatant infringement on the privacy of Nigerian citizens.”

Read More:

• NNPC Denies Tinubu’s Involvement In OVH Acquisition Deal
• Ghanaian Businessman Donates $23,000 Worth Of Food To Burkinabe Refugees In Ghana
• PIDOM Nigeria Alive In Police Custody – David Hundeyin

About The Author

Oluwasegun Sanusi

subscriber

See author's posts