609 total views, 1 views today
The Federal Government has debunked claims that the nation’s National Identity Management Commission, NIMC, server was hacked.
Reports made the rounds on Monday that the NIMC server was hacked and over three million National Identification Number, NIN, of Nigerians stolen.
Reacting, however, in a statement on Tuesday by the Director-General of NIMC, Engr. Aliyu Aziz, he said the servers were not hacked.
He said they were fully optimised at the highest international security levels.
Part of the statement read:
“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database. The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which are revalidated annually”.
“Also the possession of an individual’s NIN slip does not amount to access to the National Identity Database.”
The Commission assured Nigerians that it will continue to uphold the highest ethical standards in data security on behalf of the Government to ensure compliance with data protection and privacy regulations.
The NIMC Director-General also explained that the Commission does not use nor store information on the AWS cloud platform or any public cloud.
The Commission reassured the public that the possession of a NIN slip does not give access to the National Identity Database, but that the NIN slip is just a physical assertion of a person’s identity.
“Under the data protection regulations, no licensed partner/vendor is authorized to scan and store copies of individuals NIN slips but rather authenticate the NIN using the approved and authorized verification platforms/channels provided.
“As part of our policies to protect personally identifiable information stored in the National Identity Database, the Ministry of Communications and Digital Economy through NIMC had launched the Tokenization features of the NIN verification service. This solution is to safeguard the personal data of individuals and ensure continuous user rights and privacy,”