Senegal shuts National ID office after ransomware attack

Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned the country’s 19.5 million residents that operations were suspended while officials assessed the impact and worked to restore services securely. The authorities sought to reassure citizens, stating that the incident did not affect the integrity of their data. A new ransomware group called Green Blood Group claimed it breached the agency and stole 139 GB of data, including citizen records, biometric information, and immigration documents. The group published a list of documents & backup files as proof of the hack. Hackers leaked data and an email from Quik Saw Choo, senior GM at Malaysia’s IRIS Corporation, which is helping create Senegal’s digital ID cards. In the Jan 20 email, Choo told Senegalese officials that hackers breached two DAF servers on Jan 19, stealing card personalization data from one. IRIS cut network access to one server, changed passwords on the other, and blocked foreign mission connections. Choo said Malaysian cybersecurity experts were assisting and planned to travel to Dakar on Jan 22 to investigate and fix the issue. The cyberattack comes amid an ongoing standoff between the Senegalese state and Iris Corporation over unpaid invoices. That request has raised questions about a possible link between the commercial dispute and the cyberattack, although no official confirmation has been made.