NDPC: Third-party firm may have allowed unlicensed agents into NIN database

NDPC: Third-party firm may have allowed unlicensed agents into NIN database NDPC: Third-party firm may have allowed unlicensed agents into NIN database

The Nigeria Data Protection Commission (NDPC) says investigation revealed a third-party firm may have allowed ExpressVerify, a private organisation, into the National Identity Management Commission (NIMC) database.

TheCable, had on March 19, reported how NIMC exposed the private data of over 100 million to unlicensed entities and profiteers by reinstating the NIN verification service (NVS) which unlicensed and unauthorised parties to gain unfettered access to the database of Nigerians captured on NIN

Speaking on its findings in a statement on March 28, the NDPC said the third party, who was originally licenced to provide verification services to Nigerians, may have allowed to undertake the service using its national identity number (NIN) verification.

Following the reported incident of unauthorized NIN verification by, investigation reveals that a third-party who, among others, was originally authorized to provide verification services to citizens and genuine businesses might have allowed to use its NIN verification credentials to conduct verification,” the commission said.


The NDPC said the circumstances surrounding the permission are currently being investigated.

“To remedy this incident, National Identity Management Commission (NIMC), in line with established remediation protocols, barred all forms of access to its database,” the NDPC said.

“Though necessary, barring all forms of access affected all genuine and crucial verification requests. After a painstaking review, limited access has been granted to few establishments that are providing pivotal public services such as education and security.


“Ongoing investigation – by relevant agencies – seeks to establish the medium through which obtained the credentials of bona fide third parties and to determine the liability of persons involved in line with extant laws.”

At the moment, the NDPC said, data processing by licensees generally would be scrutinised and “only those that are cleared based on credible evidence of regulatory compliance will be permitted to carry out NIN verification going forward”.

“Furthermore, series of intensive trainings will be conducted in order to ensure that personnel and licensees are abreast of the duty of care and the standard of care mandated by the Nigeria Data Protection Act, NIMC’s Privacy Policy and other relevant regulatory protocols,” the commission said.

“In the meantime, NDPC calls on members of the public to see NIN as an essential data for sustainable development.”


While existing technical and organisational measures are being strengthened to ensure the protection of data, the NDPC said citizens must ensure they are not left unidentified in various frameworks for development.

On March 16, a report by the Foundation for Investigative Journalism (FIJ) said ExpressVerify has unrestricted access to NINs and personal details of every Nigerian registered in the nation’s identity database managed by NIMC.

The platform is said to have monetised access to NINs and the personal information of citizens on the database.

Consequently, on March 17, NDPC commenced an investigation into the alleged unauthorised access to the database of the NIMC.

Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected from copying.