NIMC serves are secured – Aziz
The bug hunter who shared a copy of the Nigerian national identity number slip as part of a data leak has said the data was not from the database of Nigeria’s National Identity Management Commission (NIMC).
The bug hunter, who identified himself as Sam, said the data he shared belonged to a company. Sam is apparently a bug hunter who works with TECNO Security Response Centre.
“My recent post about, open, S3 bucket, I want to say that, that server is not from nigiria’s government, it’s from @TecnoSRC and, there is company’s private data nothing else, and I’ve reported it straight after finding it, and @TecnoSRC just fixed it within hours (sic),” Sam Tweeted on Monday.
The image of a NIN slip shared by Sam on Twitter generated a wave of criticism for NIMC. But the Commission insisted its servers are secured.
“NIMC has ensured maximum security of its systems and database because of the critical nature of the identity data which the Commission collects, manages and maintains as critical assets for the country,” the Director-General of NIMC, Aliyu Aziz, said in a statement on Tuesday.
“The Commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations,” he stated.
The NIMC Director-General stated that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.
The NIMC DG further informed that the NIMC MobileID application has no database within the app, nor does it store information in flat files.
He said the Commission has made this app available to the public to reduce and eliminate any delay or challenge(s) in accessing one’s NIN.
According to him, the public should be aware that the possession of a NIN slip does not amount to access to the National Identity Database, “but that the NIN slip is just a physical assertion of a person’s identity. Under the data protection regulations, no licensed partner/vendor is authorized to scan and store copies of individuals NIN slips but rather authenticate the NIN using the approved and authorized verification platforms/channels provided.”
Source: Guardian.ng
