
The Somali Immigration and Citizenship Agency confirmed the hack on Sunday, marking the government’s first official admission after days of mounting concern and urgent warnings from Western allies. The breach casts a long shadow over a digital platform the government had promoted as essential for modernising border control and keeping extremists at bay.
The alarm was first raised internationally. On November 13, the US Embassy in Mogadishu issued a stark advisory, stating it had received “credible reports” that “unidentified hackers” had penetrated the system. The embassy warned that data from at least 35,000 applicants, including thousands of American citizens, may have been compromised.
This was swiftly followed by a similar warning from the United Kingdom. “This data breach is ongoing and could expose any personal data you enter into the system,” the UK embassy cautioned on November 14. “Consider the risks before applying for an e-visa required for travel to Somalia.”
The scale of the exposure became chillingly clear as clusters of social media accounts on the platform X began circulating what they claimed was stolen data from the system. The leaked documents, according to the US embassy statement, include a vast array of personal details: full names, photographs, dates of birth, marital status, home addresses, and email contacts.
For individuals travelling to or from Somalia, a nation with a complex security landscape, such a data dump represents a profound safety risk that extends far beyond simple identity theft.
The Somali immigration agency, in its Sunday statement, said it was treating the issue with “special importance” and had launched an investigation to determine “the extent of the attempted breach, its origin, and any potential impact.” It promised a public report and direct communication with those affected.
However, the statement was notably silent on the number of people impacted or a timeline for the investigation, leaving many applicants in a state of uncertainty. In a quiet but telling move, the government has since migrated the entire e-visa system to a new website domain, a step that has drawn criticism for its lack of transparency.
The breach is particularly embarrassing for the government as it comes just after officials were publicly celebrating the e-visa system’s successes. Earlier in the week, Defence Minister Ahmed Moalim Fiqi had praised the platform, claiming it had successfully prevented fighters from the ISIL (ISIS) group from entering the country.
This claim was made as a months-long battle continued in northern regions against a local affiliate of the group, underscoring the high-stakes security role the digital system was meant to play.
The incident has sparked anger and frustration among tech and security experts in Somalia. Mohamed Ibrahim, a former Somali telecommunications minister, told Al Jazeera that while hacking is a global challenge, the authorities’ response has been lacking.
“Somalia isn’t high-tech, and hacking, in itself, is neither here nor there. But they should have been upfront with the public,” Ibrahim said. “Why was the website’s URL changed, for example? That hasn’t even been explained.”
The government’s initial reaction was one of denial. On Saturday, the eve of the official confirmation, the immigration agency’s director-general, Mustafa Sheikh Ali Duhulow, dismissed media reports about the breach as “coordinated misinformation campaigns” intended to undermine state institutions. He did not directly address the hacking allegations.
The data breach has also poured fuel on the fiery political tensions between the federal government in Mogadishu and the breakaway region of Somaliland. Somaliland, which declared independence in 1991 though it is not internationally recognised, has long resisted Mogadishu’s attempts to exert control.
Officials in Somaliland have reacted with fury to the breach. Mohamed Hagi, an adviser to Somaliland’s president, called the administration in Mogadishu “institutionally irresponsible” for keeping the compromised visa portal active.
The cyber incident came amid a sharp escalation in a dispute over airspace control. Just one day before the breach became public, Somaliland had issued a defiant statement declaring that “entry visas issued by the Federal Government of Somalia bear no legal validity” within its territory.
This context makes the e-visa breach more than a simple cybersecurity failure; it is a digital manifestation of a deep-seated political conflict. Somalia’s federal government has been working to centralise key state functions like visa procedures and airspace management, efforts that are frequently challenged by autonomous regional states.