Somalia’s New E-Visa System Exposes Thousands to Data Breach Risk. Mogadishu, Somalia — Somalia’s new electronic visa website has been identified with a critical security flaw that could leave the personal data of thousands of visa applicants at risk.
The vulnerability was confirmed by reports this week after receiving a tip from a source with expertise in web development.
The source claimed to have reported the issue to Somali authorities but received no response.
The flaw allows malicious actors to potentially download e — visas containing sensitive information, including passport details, full names, and dates of birth. Bridget Andere, a senior policy analyst at digital rights group Access Now, warned that such breaches can lead to identity theft, fraud, and intelligence gathering by malicious entities.
This revelation comes just a month after officials announced an inquiry into a previous breach of the country’s e-visa platform.
Al Jazeera was able to replicate the identified vulnerability, downloading e — visas from individuals across Somalia, Portugal, Sweden, the United States, and Switzerland within a short time frame. Despite repeated attempts to alert the Somali government to the issue, no response has been received.
Andere criticized the government’s handling of the situation, stating that the lack of a formal notice about the data breach and the disregard for public concerns and rights erode public trust and create avoidable vulnerabilities.
The Somali government’s push to deploy the e-visa system, despite being unprepared for potential risks, has been criticized.
The system was redeployed after a serious data breach, raising concerns about the government’s commitment to data protection and cybersecurity.
Last month, the US and UK governments issued a warning about a data breach that leaked the information of over 35,000 visa applicants. Somalia’s Immigration and Citizenship Agency (ICA) changed its e-visa website to a new domain in an attempt to increase security, but the latest findings indicate that the risk remains.
Access Now’s Andere emphasized that governments often rush to implement e-visa systems, leading to insecure situations.
She advised that it is challenging for individuals to protect themselves against these types of data breaches.
The situation remains developing, with further details expected to emerge. Officials commented on the matter.
