ADVERTISEMENT

System oversight leaks 23 million government records

Nigeria‘s social investment coordination platform accidentally leaked tens of millions of citizens‘ records, exposing everything from home addresses to work backgrounds.

Personal data leak laptop

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Mar 13, 2025 Updated: 1 April 2025 2 min read
Ernestas Naprys Paulina Okunyte Jurgita Lapienyte Niamh Ancell
Stay informed and get our latest stories on Google News
Add us as your Preferred Source on Google.

What data leaked, and why is it dangerous?

  • Full names
  • Dates of birth
  • Places of birth
  • National Identification Number (NIN)
  • Email addresses
  • Phone numbers
  • Home addresses
  • Work background
  • Education background
ADVERTISEMENT
“The implications of exposing 23 million application-related documents of N-Power candidates could be severe for the affected individuals. Identity theft, fraud, and targeted phishing attacks are the most likely risks for the leaks’ victims.”
  • Change the access controls to restrict public access and secure the bucket. Update permissions to ensure that only authorized users or services have the necessary access.
  • Monitor retrospectively access logs to assess whether the bucket has been accessed by unauthorized actors.
  • Enable server-side encryption to protect data at rest.
  • Use AWS Key Management Service (KMS) to manage encryption keys securely.
  • Implement SSL/TLS for data in transit to ensure secure communication.
  • Consider implementing security’s best practices, such as regular audits, automated security checks, and employee training.

  • Leak discovered: October 20th, 2024
  • Initial disclosure: October 23rd, 2024
  • CERT contacted: February 6th, 2024
  • Leak closed: March 31st, 2024
ADVERTISEMENT