SENEGAL closed its national ID card office after a ransomware cyberattack disrupted ID, passport and biometric services, with authorities saying operations were suspended while they assessed the impact. The incident was claimed by a new ransomware group named Green Blood Group, which said it stole 139 GB of data including citizen records, biometric information and immigration documents.
Officials have sought to reassure citizens that the integrity of their data was not affected, even as 19.5 million residents were warned of the outage. The report notes data was leaked, including an email from Quik Saw Choo, senior GM at Malaysia’s IRIS Corporation, which is helping develop Senegal’s digital ID cards, and that IRIS cut network access to one server, changed passwords on another, and planned to dispatch a technical team to Dakar.
The breach reportedly occurred after two DAF servers were breached on 19 January, with one server containing card personalization data. Authorities are continuing to investigate and coordinate with external cybersecurity experts.