Senegal Halts National ID Issuance After Suspected Coordinated Cyberattack
Senegal has temporarily suspended the issuance of national ID cards following a reported data breach affecting the country’s population database. The Directorate of File Automation (DAF), the government agency overseeing biometric records and identity documents, confirmed the disruption but assured the public that personal data remained intact. An investigation has been launched to assess the incident.
The hacking group Green Blood Group claimed responsibility, alleging it exfiltrated approximately 139 terabytes of data, including biometrics, identity records, and immigration files. Reports suggest the attack may have been coordinated, as Senegal Numérique SA the agency leading the country’s digital transformation also experienced a breach around the same time.
Iris Corporation, the Malaysian firm contracted to produce Senegal’s national ID cards since 2016, has dispatched teams to assist in the investigation. The government is also examining whether the supplier bears any liability. The initial contract, valued at roughly $90 million, was renewed in 2021 for $19.5 million to supply three million ID cards, with the deal set to conclude in 2023.
This incident follows a recent cyberattack on Senegal’s taxation system and occurs amid the country’s ongoing New Deal Technologique digital transformation initiative, which received a $10 million grant from the Gates Foundation last year. The breach underscores growing cybersecurity challenges as Senegal expands its digital infrastructure.
Source: https://www.biometricupdate.com/202602/senegal-data-breach-disrupts-national-id-issuance
IRIS Corporation cybersecurity rating report: https://www.rankiteo.com/company/iris-corporation
Sénégal Numérique S.A. (ex-ADIE) cybersecurity rating report: https://www.rankiteo.com/company/senegal-numerique-sa
"id": "IRISEN1770760646",
"linkid": "iris-corporation, senegal-numerique-sa",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Senegalese population (national '
'ID holders)',
'industry': 'Public Sector',
'location': 'Senegal',
'name': 'Directorate of File Automation (DAF)',
'type': 'Government Agency'},
{'industry': 'Public Sector / Digital Transformation',
'location': 'Senegal',
'name': 'Senegal Numérique SA',
'type': 'Government Agency'},
{'industry': 'Biometrics / Identity Solutions',
'location': 'Malaysia',
'name': 'Iris Corporation',
'type': 'Private Company'}],
'customer_advisories': 'Government assured public that personal data remained '
'intact',
'data_breach': {'data_exfiltration': '139 terabytes of data allegedly '
'exfiltrated',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (biometrics and personally '
'identifiable information)',
'type_of_data_compromised': ['Biometrics',
'Identity records',
'Immigration files']},
'description': 'Senegal has temporarily suspended the issuance of national ID '
'cards following a reported data breach affecting the '
'country’s population database. The Directorate of File '
'Automation (DAF) confirmed the disruption but assured the '
'public that personal data remained intact. The hacking group '
'*Green Blood Group* claimed responsibility, alleging it '
'exfiltrated approximately 139 terabytes of data, including '
'biometrics, identity records, and immigration files. Reports '
'suggest the attack may have been coordinated, as Senegal '
'Numérique SA also experienced a breach around the same time.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'Senegal’s digital transformation '
'efforts',
'data_compromised': '139 terabytes of data, including biometrics, '
'identity records, and immigration files',
'downtime': 'Temporary suspension of national ID issuance',
'identity_theft_risk': 'High (biometrics and identity records '
'compromised)',
'legal_liabilities': 'Government examining supplier liability '
'(Iris Corporation)',
'operational_impact': 'Disruption to national ID card production '
'and digital transformation initiatives',
'systems_affected': 'National ID issuance system, population '
'database, taxation system (previous '
'incident)'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Alleged exfiltration of 139 terabytes of '
'data'},
'references': [{'source': 'Cyber Incident Report'}],
'regulatory_compliance': {'legal_actions': 'Government examining supplier '
'liability'},
'response': {'communication_strategy': 'Government assured public that '
'personal data remained intact',
'containment_measures': 'Temporary suspension of national ID '
'issuance',
'third_party_assistance': 'Iris Corporation dispatched teams to '
'assist in the investigation'},
'threat_actor': 'Green Blood Group',
'title': 'Senegal Halts National ID Issuance After Suspected Coordinated '
'Cyberattack',
'type': 'Data Breach'}