Facebook Twitter (X) Instagram Somali Magazine - People's Magazine
Somalia has begun a nationwide investigation after hackers breached the country’s electronic visa system, potentially exposing sensitive personal information belonging to more than 35,000 applicants. Those affected include citizens of Somalia as well as foreigners from countries such as Kenya, the United States, the United Kingdom and Canada. The Immigration and Citizenship Agency confirmed the incident after both the U.S. and U.K. embassies warned that unknown hackers had accessed the e-visa platform and may have leaked documents containing passport details, photographs, dates of birth, home addresses, and even banking information.
According to cybersecurity experts, the breach stemmed from a simple but serious technical error. The platform had an unsecured verification endpoint that allowed anyone to access records one by one without any form of login or authentication. Abdi Daud, a Somali enterprise system architect who analyzed the flaw, described it as extremely basic and preventable, saying the issue was “not hacking but counting.” Despite the simplicity of the vulnerability, he warned that its consequences could be severe because of the type of information exposed.
The leaked data could be misused for identity theft, financial scams, or targeted tracking of individuals. Security officials are especially concerned that extremist groups such as al-Shabaab could exploit the information for intelligence gathering, intimidation, or recruitment. The group has previously used personal data to monitor or pressure civilians and government workers.
In response to the breach, the Immigration and Citizenship Agency announced that it is treating the matter with high priority. The government has temporarily shut down access to the compromised platform and moved visa services to a new website, etas.gov.so, while they work to secure the system. A joint investigative team made up of digital forensics experts, national security agencies and international partners has been formed to determine how the breach occurred, how far it spread and the full impact on affected people.
Officials said they plan to notify individuals whose data may have been exposed and will release a public report once the investigation is complete. They also warned the public to follow only official government communication channels, as inaccurate information is spreading online and could cause unnecessary panic.
The data breach comes at a sensitive time for Somalia, which has been experiencing political tensions with some regional administrations over control of immigration systems and national airspace. Both Somaliland and Puntland have refused to recognize the federal government’s e-visa system, saying it violates their autonomy. Somaliland officials even claimed earlier that the platform could put people at risk by making their data accessible to extremist groups. The recent incident has intensified these political disagreements and added pressure on the federal government to strengthen its digital systems.
Somalia introduced the electronic visa platform in September 2025 as part of efforts to modernize border management, improve the travel experience for visitors and increase transparency in revenue collection. The system was meant to make travel easier and more secure, but the recent breach has raised concerns about whether adequate security checks were carried out before its launch. The Somalia Civil Aviation Authority maintains that the federal government alone is responsible for controlling national airspace and handling visa regulations under international aviation standards.
Former telecommunications minister Mohamed Ibrahim criticized how the situation was handled, saying that while cyberattacks happen in many countries, the government should have communicated openly and promptly with the public. He argued that transparency is essential in maintaining trust, especially when people’s personal information is involved.
The Immigration and Citizenship Agency has promised to improve its cybersecurity measures by strengthening user authentication, increasing encryption standards and adopting internationally recognized security protocols across all government digital platforms. The agency says it is committed to preventing a similar incident in the future and restoring public confidence in the country’s digital services.