Hackers Claim Massive Biometric Data Breach at Senegal Government Agency

In a recent report, Senegalese authorities have allegedly experienced a “massive and potentially catastrophic” cyberattack against one of their major Governmental Agencies. Apparently, a ransomware group has claimed responsibility for stealing and posting a total of 139 terabytes of private Biometric and Immigration Data related to the Senegalese Citizens onto the Dark Web. 

Currently, there is no official communiqué from the Government, leaving many citizens concerned about how secure their most private and confidential information really is. 

A Hacker Group’s Bold Claim

A ransomware group calling itself “Green Blood Group” made the claim. The group announced on a dark web portal that it had added two new victims, one of whom is Senegal’s File Automation Directorate (DAF).

According to their post, the attackers encrypted and transferred 139 terabytes of data, including fingerprints, facial biometrics, and immigration records, to the Dark Web. Generally, this type of criminal group will demand payment from the victims in order to release the data back to them and/or not make it public.

The official website of the DAF is also currently down, so there is additional credibility in regard to the criminal group’s claims. Hackers have attacked a government entity in Senegal before.  The General Directorate of Taxes and State Property (DGID) has reportedly suffered similar data breaches.

What is at Stake for Citizens?

The type of data involved makes this breach particularly alarming. Unlike a password, biometric data cannot be changed. It includes unique physical identifiers such as fingerprints, facial patterns, and possibly iris scans.

Once stolen, this data is lost forever. This type of data theft could result in serious criminal activity involving identity theft, financial fraud, and the creation of counterfeit documents.

The real-world consequences of such government data theft were recently seen in Bangladesh, where a fake government portal led to the leak of passports and personal documents of 1,100 citizens onto the dark web, illustrating the immediate danger to individuals.

The immigration data connected to this breach could also expose the travel history and personal information of those who used the government agency for their official documents, and thereby create additional risks to their safety. The combination of these datasets in criminal hands is a serious national security and personal privacy concern.

As digital identity systems grow globally, breaches like this highlight their risks. The National Institute of Standards and Technology (NIST) has extensive resources explaining the unique and permanent privacy challenges posed by biometric data compromise.

Silence and Growing Concern

At the present time of this writing, the Ministry of Interior and DAF have yet to release any sort of official communication or press release regarding these attacks, which continue to increase anxiety and uncertainty among the general public.

Cybersecurity experts highlight that openness and prompt responses are essential elements after a data breach. Authorities should communicate with the public to provide assistance and outline actions taken to secure their systems and conduct investigations into the incident. Failing to communicate creates a void that speculation and fear will quickly fill.

For citizens seeking immediate action, the U.S. The Federal Trade Commission (FTC) provides a practical guide to help people respond to data breaches, which can also be used in other countries.

The reported breach indicates how vulnerable systems are that hold our most sensitive information. The alleged attack on Senegal follows a pattern of high-impact breaches targeting national data, including the alleged leak of millions of records from the Armenian government. The next few days will be imperative to the public in measuring the response of their government and understanding the overall impacts of this shocking incident.