Senegal shuts national ID systems after ransomware group claims data theft

Senegal has temporarily shut down a government office responsible for managing national identity cards, passports, and biometric records after a cybersecurity breach disrupted its systems and triggered claims of large-scale data theft by a ransomware group.

The Directorate of File Automation, the government department that oversees sensitive citizen identification systems, issued a public notice last week informing the country’s roughly 19.5 million residents that a cyberattack had forced a suspension of operations. The shutdown affected services tied to national ID cards, immigration records, and other biometric data.

A senior police official said authorities are working to restore the affected systems and stated that the integrity of citizens’ personal information remains intact. The Directorate of File Automation did not issue further public comment.

The disclosure followed claims by a ransomware group calling itself Green Blood Group, which asserted that it breached the agency and exfiltrated about 139 gigabytes of data. The group said the material includes citizen database records, biometric information, and immigration documents, and released sample files to support the claim.

Among the material shared by the attackers was an internal email dated Jan. 20 from Quik Saw Choo, a senior general manager at IRIS Corporation Berhad, a Malaysian technology company specializing in digital identity and biometric systems. IRIS was recently contracted to develop Senegal’s new digital identification cards.

In the email, Choo warned officials at the Directorate of File Automation and other ministries that attackers had compromised two agency servers on Jan. 19. One server was used for card personalization data. IRIS took immediate steps that included severing network access to one server, changing credentials on the second system, and disabling network connections to foreign missions and other offices.

Choo said the company began coordinating with cybersecurity specialists in Malaysia and proposed traveling to Dakar on Jan. 22 to support further investigation and implement corrective measures. The disruption to the agency has persisted for several days, and the Directorate of File Automation’s website remained offline as of Monday afternoon.