IRIS Corporation Berhad: Senegal confirms breach of national ID card department after ransomware claims

Cyberattack Disrupts Senegal’s Biometric Data Systems, Exposing Citizen Records

A cyberattack targeting Senegal’s Directorate of File Automation (DAF) has forced the temporary shutdown of a critical government office responsible for managing national ID cards, passports, and biometric data. The incident, disclosed in a notice last week, affects all 19.5 million residents, with authorities scrambling to restore operations.

The ransomware group Green Blood Group claimed responsibility, alleging the theft of 139 GB of data, including citizen database records, biometric information, and immigration documents. The hackers shared samples of the stolen data, along with an internal email from Quik Saw Choo, a senior manager at IRIS Corporation Berhad, the Malaysian firm contracted to develop Senegal’s new digital ID system.

In the January 20 email, Choo warned Senegalese officials that hackers had breached two DAF servers on January 19, compromising card personalization data. IRIS responded by severing network connections, changing passwords, and isolating links to foreign missions. The company also planned a January 22 visit to Dakar to assist with investigations and remediation.

Despite assurances from a senior police official that citizens’ data “remains intact,” the DAF’s website remains offline as of February 5, with disruptions lasting at least five days. Local reports suggest the incident comes amid a payment dispute between Senegal and IRIS.

Green Blood Group, which surfaced in January, has claimed breaches of four other victims alongside DAF. The attack underscores the growing threat to government ID systems, with similar incidents reported in Argentina and Estonia. Neither DAF nor IRIS has publicly commented on the breach.

Source: https://therecord.media/senegal-breach-national-id-agency

IRIS Corporation Berhad cybersecurity rating report: https://www.rankiteo.com/company/iriscorporationberhad

"id": "IRI1770666839",
"linkid": "iriscorporationberhad",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': '19.5 million residents',
                        'industry': 'Public Sector, Identity Management',
                        'location': 'Senegal',
                        'name': 'Directorate of File Automation (DAF)',
                        'size': '19.5 million residents affected',
                        'type': 'Government Agency'},
                       {'industry': 'Technology, Biometric Systems',
                        'location': 'Malaysia',
                        'name': 'IRIS Corporation Berhad',
                        'type': 'Private Company'}],
 'data_breach': {'data_exfiltration': 'Yes (139 GB of data allegedly stolen)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (biometric and personally '
                                        'identifiable information)',
                 'type_of_data_compromised': ['Citizen database records',
                                              'Biometric information',
                                              'Immigration documents']},
 'date_detected': '2024-01-19',
 'date_publicly_disclosed': '2024-02-01',
 'description': 'A cyberattack targeting Senegal’s Directorate of File '
                'Automation (DAF) has forced the temporary shutdown of a '
                'critical government office responsible for managing national '
                'ID cards, passports, and biometric data. The incident affects '
                'all 19.5 million residents, with authorities scrambling to '
                'restore operations. The ransomware group Green Blood Group '
                'claimed responsibility, alleging the theft of 139 GB of data, '
                'including citizen database records, biometric information, '
                'and immigration documents.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '139 GB of data, including citizen database '
                                'records, biometric information, and '
                                'immigration documents',
            'downtime': 'At least five days (as of February 5)',
            'identity_theft_risk': 'High',
            'operational_impact': 'Temporary shutdown of DAF operations, '
                                  'disruption of ID and passport services',
            'systems_affected': 'DAF servers, national ID and passport '
                                'systems'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'date_accessed': '2024-02-05',
                 'source': 'Local reports and Green Blood Group claims'}],
 'response': {'communication_strategy': 'Limited public comments from DAF or '
                                        'IRIS',
              'containment_measures': 'Severing network connections, changing '
                                      'passwords, isolating links to foreign '
                                      'missions',
              'incident_response_plan_activated': 'Yes',
              'network_segmentation': 'Yes (isolating links to foreign '
                                      'missions)',
              'third_party_assistance': 'IRIS Corporation Berhad (planned '
                                        'visit to Dakar on January 22)'},
 'threat_actor': 'Green Blood Group',
 'title': 'Cyberattack Disrupts Senegal’s Biometric Data Systems, Exposing '
          'Citizen Records',
 'type': 'Ransomware'}