Contrary to circulating fears, the National Identity Management Commission (NIMC) database has not been breached, confirmed CP Ifenayi Uche, Director of the Nigeria Police Force National Cyber Crime Center (NPF-NCCC).
The clarification came during a joint press briefing at the NPF-NCCC Headquarters in Abuja on Thursday. Officials from both the Nigeria Police Force and NIMC attended the event.
NIMC System Tested, No Breach Found
CP Uche explained that after reports of a suspected hack, the center performed vulnerability assessments and penetration tests on the NIMC system.
“Our investigation confirmed that the NIMC database was secure. However, we discovered third parties using phishing links that mimicked NIMC’s website. Consequently, they aimed to harvest personal data from Nigerians for commercial purposes,” he said.
Moreover, the director added that the suspects created parallel databases using the stolen data. Then, they sold this information to unsuspecting clients.
Fraudulent Domains Dismantled
CP Uche revealed that out of 14 suspicious domains identified, 13 have already been shut down by operatives.
Additionally, the Deputy Force Spokesman, CSP Victor Isuku, said the NPF’s cybercrime unit employed advanced digital forensic techniques to trace the perpetrators and their illegal domains.
“Our operatives apprehended eight members of a syndicate running unauthorized identity verification platforms. They illegally collected Nigerians’ personal information under the guise of accessing the NIMC database,” CSP Isuku stated.
Arrests Made Across Nigeria
The operation followed a petition by NIMC Director-General, Abisoye Coker-Odusote. It concerned the illegal distribution and commercialization of Nigerians’ personal data.
“Using digital forensic methods, we successfully identified the criminals and the domains involved in the unlawful sale and verification of NIN-linked data,” Isuku added.
Two main suspects, Hamzat Lukman and Babalola Tolani Suleiman, were arrested in Kwara and Lagos States. Lukman, a software developer, created goverify.com.ng and hosted three other domains for commercial verification.
Furthermore, further investigation led to the arrests of Nura Bello and Ibrahim Abubakar, the latter linked to idfinders.com.ng. Other suspects include Shoara Kehinde, Abubakar Amisu, Abdullahi Salisu, and Ashiru Sanni.
The domains used in the scheme include:
verifymyNIN.com
triplus.ng
idfinder.com.ng
verifyforme.com.ng
subpoint.com.ng
verify.datashop.com.ng
championtech.com.ng
anyverify.com.ng
cremetech.com.ng
nickverify.humanity.com.ng
inventor.com.ng
Police Reinforce Commitment to Cybersecurity
The DFPRO confirmed that efforts are ongoing to apprehend other cybercriminals involved in illegal database access and commercialization.
Moreover, CP Uche highlighted the Inspector-General of Police, IGP Kayode Adeolu Egbetokun’s, commitment to dismantling criminal networks targeting critical national infrastructure.
“Under the IGP’s leadership, the police are fully committed to combating cybercrime. Additionally, we will continue safeguarding national digital assets, reinforcing data privacy, and protecting citizens’ identification information,” he said.
CSP Isuku described the operation as a milestone for the police, NIMC, and Nigeria.
“We remain dedicated to protecting digital assets, securing citizens’ data, and upholding privacy standards across national systems,” he concluded.
