MOGADISHU (Somaliguardian) – Somalia’s newly launched electronic visa platform has been found to contain serious security weaknesses that could allow unauthorised access to large volumes of sensitive personal data, according to an investigation by Al Jazeera.
The flaw, identified with the help of a source experienced in web development, could enable malicious actors to download thousands of e-visa records. The exposed information includes applicants’ passport details, full names and dates of birth, creating significant risks of identity theft, fraud and intelligence misuse.
Al Jazeera verified the vulnerability earlier this week and confirmed that the system allowed the rapid retrieval of e-visa documents belonging to applicants from several countries, including Somalia, Portugal, Sweden, the United States and Switzerland.
The source said they had alerted Somali authorities to the problem more than a week ago and provided evidence of the exposure, but reported receiving no response and seeing no remedial action taken.
Digital rights experts say breaches involving such sensitive data are particularly harmful, as they can place individuals at long-term risk across multiple jurisdictions. They also warn that failures to respond transparently to breaches can further erode public confidence in government digital services.
The discovery follows a major data breach reported last month, when the personal information of more than 35,000 e-visa applicants was leaked. That incident prompted warnings from the United States and the United Kingdom and led Somalia’s Immigration and Citizenship Agency to move the e-visa system to a new domain in an effort to strengthen security.
Despite assurances from officials that the earlier breach was being treated with urgency and was under investigation, the latest findings suggest that systemic weaknesses remain. Experts note that Somalia’s data protection framework requires authorities to notify regulators and affected individuals when serious breaches occur, particularly where the risks to individuals are high and cross national borders.
Al Jazeera said it has withheld technical details of the vulnerability to avoid facilitating further exploitation and confirmed that all sensitive data obtained during its investigation has been securely destroyed.
The Somali government was contacted with detailed questions and alerted to the newly identified flaw but did not respond.
The renewed concerns come as senior Somali officials have promoted the e-visa system as a key security tool, arguing that it has helped prevent armed groups from entering the country. However, analysts caution that rapid deployment of digital border systems without adequate safeguards often results in preventable vulnerabilities, leaving applicants with little ability to protect themselves once their data has been submitted.
info@somaliguardian.com
