The Nigeria Police Force has arrested eight members of a syndicate accused of creating fake identity verification platforms to illegally harvest Nigerians’ personal data.
The suspects were arrested following a petition from the Director-General of the National Identity Management Commission, Abisoye Coker-Odusote, who alerted the police about the illegal sale and commercial use of personal information linked to the National Identification Number.
Deputy Force Spokesman, Victor Isuku, during a press briefing in Abuja on Thursday said the operation was led by the National Cybercrime Centre, which used advanced digital forensic tools to track the culprits and their domains.
“The Nigerian Police Force National Cyber Crime Centre was able to achieve these great feats through the use of digital forensic techniques, which aided in identifying these threat actors and domains involved in this unlawful sale and verification of NIN-linked PPI,” Isuku said.
He explained that the main suspects, identified as Hamzat Lukman and Babalola Tolani Suleiman, were arrested in Kwara and Lagos states. Lukman, a software developer, created and hosted the domain goverify.com.ng on behalf of Suleiman and also developed three other similar platforms.
Other members of the group, including Nura Bello and Ibrahim Abubakar, were linked to another fake platform, idfinders.com.ng. Additional suspects arrested were Shoara Kehinde, Abubakar Amisu, Abdullahi Salisu, and Ashiru Sanni.
The police also listed several fake platforms operated by the syndicate, including verifymyNIN.com, triplus.ng, verifyforme.com.ng, anyverify.com.ng, cremetech.com.ng, and championtech.com.ng.
Isuku said efforts were ongoing to apprehend other members of the syndicate and to prevent further illegal access to government databases.
“The IG has again reaffirmed the commitment of the police force under its able leadership to combating all forms of cyber crimes as well as safeguarding national digital assets, reinforcing data privacy and protecting the integrity of citizens’ identification data,” Isuku said.
Director of the NPF National Cybercrime Centre, CP Ifenayi Uche, clarified that the NIMC database itself was never compromised.
“When the case was reported, we conducted vulnerability assessments and penetration tests. We confirmed there were no breaches in the NIMC system. What we uncovered was the existence of third parties who created phishing links that mimicked NIMC’s website to harvest Nigerians’ personal data,” Uche explained.
He added that the suspects built parallel databases with stolen information, which they then sold for commercial purposes. He confirmed that 13 of the 14 fraudulent domains identified have been taken down.
NIMC DG Coker-Odusote assured Nigerians that their data remains secure, noting that the commission has strengthened its cybersecurity systems and expanded its capacity to handle up to 250 million registrations.
“The National Identity Management Commission remains steadfast in protecting the integrity of Nigeria’s national identity database. We have decentralised enrolment processes to the ward level and strengthened our cybersecurity architecture,” she said.
She advised Nigerians to avoid using unauthorised platforms, reminding them that all enrolments and modifications are free at official NIMC centres.
