[Digital Business Africa] - Several security experts note that millions of data from users of the National Social Insurance Fund (NSIF) of Cameroon are already available for sale on the dark web.
According to experts such as Mounir Nji Amine of the Enix firm, the prices of this data offered by hackers are 3,000 US dollars for all the data (25 GB) and 1,000 US dollars for partial data (10 GB).
Contacted this Friday by Digital Business Africa, the CNPS indicated that it had not yet issued an official statement on this subject. So, for the moment, there is no confirmation or denial.
Yesterday, September 12, 2024, a worrying message published on a hacking forum indicated that hackers had targeted the NSIF. In this message, we learned that the hacker group Space Bears had hacked a potentially lucrative data mine of the NSIF and demanded a ransom payment by September 22, 2024, or else this data would be sold on the dark web. They did not wait until this deadline.
However, some cybersecurity professionals say that Space Bears is just a data broker and that the real hackers who provided them with this information are elsewhere and have other copies.
According to the message published yesterday on this forum, this data contains:
– Information on employee and employer contributions
– Details of social security beneficiaries (over 1.5 million people)
– Financial documents and accounting reports
– Backup data and customer databases
– Huawei network structure diagrams
– Personal data of employees and citizens, including archived insurance information
The message published on the forum claims that the CNPS uses Huawei network infrastructure, although this detail cannot be independently verified. Even more alarming, the hackers appear to possess personal data of employees and citizens, including archived and potentially sensitive insurance information.
This raises serious privacy concerns, as such data breaches could be exploited for identity theft, financial fraud, or even social engineering.
The NSIF is a crucial public institution responsible for managing Cameroonians’ social security benefits. If proven, this cyberattack could significantly hardship users of CNPS services.
The forum post did not specify whether data had already been compromised. However, the detailed information suggests that the hackers may have gained significant access to CNPS systems.
Urgent Actions Needed
Therefore, the NSIF should act quickly to investigate the validity of these claims and assess the extent of any potential data breach. They should also:
– Implement a robust incident response plan to contain the threat and prevent further damage.
– Investigate to determine the extent of the breach and identify vulnerabilities.
– Review and strengthen their cybersecurity measures to prevent future attacks.
According to Mounir Nji Amine of Enix, it is too late because this data is already for sale on the dark web. “Even if we were to pay the ransom, this information would already be compromised. Space Bears is a data broker, but the hackers who provided them with this information necessarily have a copy. As we often say in our country, when deploying a system, if there is a doubt about security, then there is no longer any doubt. We must immediately take precautions. Our institutions must pay more attention to prevention and anticipation,” explains this cybersecurity expert.
Importance of Data Privacy
This incident highlights the growing importance of data privacy in Africa and Cameroon for Beaugas-Orain DJOYUM, CEO of ICT Media STRATEGIES, a strategic monitoring and e-reputation firm. “The government and relevant institutions should act more quickly to implement strong regulations on personal data protection and at the same time promote cybersecurity awareness among citizens and organizations,” suggests Beaugas-Orain DJOYUM.
By Digital Business Africa