HomeData Privacy Law DigestA stitch in time…

A stitch in time…

Date:

Last week’s disclosure by the Nigerian Data Protection Commission (NDPC), that it is investigating 17 major cases of data breaches and violations has merely confirmed a concerning development, which although often underreported, has grave implications for national security. We refer here to the growing theft of confidential data such as names, email addresses, passwords, banking details, etc. – from a system, usually a hacker— without the knowledge or authorisation of the owner.

According to the NDPC’s Chief Executive Officer, Vincent Olatunji, over 1,000 complaints were received from concerned individuals and corporate bodies about data infractions. The data breaches and violations are said to spread across financial institutions (banks), technology, education, consulting, lottery and gaming services, as well as logistics services, among others.

Concerning as the revelation appears, the truth however is that this is actually nothing new. Last year, Surfshark, an Amsterdam-based cybersecurity firm, reported in a study that covered the first quarter of 2023, that Nigeria actually ranked as the 32nd most breached country in the world with a whopping 82,000 leaked accounts, representing a 64% increase from the previous quarter. This was at a time Check Point 2023 Mid-Year Security Report, reported an eight percent surge in global weekly cyber attacks in the second quarter of 2023 – said to be the most significant increase in two years. Needless to state that the yawning gap, between the global average and Nigeria’s, ought to stoke alarm.

To bring the reality closer home still, we recall the Independent National Electoral Commission (INEC) once complained about the commission’s result viewing portal coming under attack from hackers during the Ekiti and Osun states’ governorship elections. INEC chairman, Mahmood Yakubu, had at a stakeholders’ conference on election result management in Abuja, disclosed: “Our engineers reported several cyber attacks on the portal during the Ekiti and Osun governorship elections; some of them from as far as Asia. I am glad to note that all of them failed. We have tasked our engineers to do everything possible to fully protect the IReV and all our web resources.”

Ironically, similar incidents were to be reported on a larger scale during last year’s general elections.

Whether at the level of the individual, business or even government, the truth is that cases of compromises of data – from personal information, financial records, medical data, to other identification details – as indeed of identity theft, financial fraud, and reputational damage are not only on the rise but are increasingly common-place. If we may borrow the words of cybersecurity analyst James MacKay, the breaches have morphed from mere cyber security issues to instigators of huge financial losses, reputational damage, legal troubles, regulatory clampdowns, with far-reaching consequences in the erosion of consumer trust. So grave and frightening are the portents that no country can afford to be seen to treat them with levity.

Having alerted Nigerians to the dangers, the big question is, what is the NDPC doing about them? With hackers known to deploy every tactic to infiltrate, expose and profit from sensitive information, does the commission have the resources, sophistication and the capacity to outpace the perverts in their game? Investigations and punishments are certainly not enough. The recently signed Data Protection Act 2023 which places a fine of two per cent of the gross revenue of any company found guilty of data violation is no doubt an important instrument. However, beyond what amounts to chasing after the offender with the prospect of a hefty fine, there has to be a more embracing strategy to ensure that all the players in the data value chain are not only aware of their responsibility but are seen to match that with the requisite investments to prevent possible compromises. And given that governments at all levels are no less vulnerable to data breaches, they should also be willing to provide the requisite leadership. This seems to us another instance when a stitch in time will save quite a handful!

Editorial

The Nation

Share on

Place your
Adver here

For more details, contact

Related articles: