Somalia’s E-Visa System In Crisis As Security Gaps Expose Personal Data, Raising Serious Concerns About Cybersecurity And Privacy

Published on December 21, 2025

Somalia’s e-visa system is facing a significant security breach, exposing thousands of travelers’ personal data to potential risks such as identity theft and fraud. This vulnerability, which allows unauthorized access to sensitive information, has raised serious concerns about the country’s cybersecurity measures. Despite the breach being reported to authorities, no action has been taken to resolve the issue, putting both Somali citizens and international travelers at risk. The lack of response highlights critical gaps in the system’s security and threatens public trust in digital infrastructures.

Somalia’s electronic visa system has been found to have significant security flaws, putting sensitive personal data at risk. A recent investigation by Al Jazeera revealed that the system lacks the necessary safeguards to prevent unauthorized access to e-visa data, which includes highly sensitive details such as passport numbers, full names, and dates of birth. This vulnerability has raised serious concerns about the potential exploitation of this data by malicious actors.

Al Jazeera’s investigation confirmed that the website’s lack of security protocols allows individuals to easily download e-visa information for thousands of applicants. This breach has left both Somali citizens and foreign nationals vulnerable to identity theft, fraud, and other forms of exploitation. The system flaw was brought to the attention of the Somali authorities last week, but no action has been taken to address the issue.

Cybersecurity experts are alarmed by the breach, noting that such lapses can lead to far-reaching consequences. Breaches involving sensitive personal data are particularly dangerous as they put people at risk of various harms, including identity theft, fraud, and intelligence gathering by malicious actors, highlighting the seriousness of the situation.

This is not the first time that Somalia’s e-visa platform has been in the spotlight for security issues. Just a month ago, authorities announced an inquiry into a previous hacking incident that compromised the platform. Al Jazeera’s team replicated the breach and was able to download e-visa data containing personal information from people across several countries, including Somalia, Portugal, Sweden, the United States, and Switzerland.

Despite alerting the Somali government about the security vulnerability, Al Jazeera received no response, and the flaw remains unresolved. The lack of a timely response raises questions about the government’s readiness to address critical cybersecurity concerns, particularly in the face of increasing digital threats.

One cybersecurity expert criticized the government’s rush to implement the e-visa system without fully understanding the potential risks involved. The rush to implement the e-visa system without adequately addressing potential risks, followed by its re-launch after a major data breach, underscores how ignoring public concerns and rights when rolling out digital systems can undermine trust and introduce unnecessary security weaknesses.

Somalia’s data protection laws mandate that data controllers notify both the data protection authority and individuals affected by a breach, but there has been no formal announcement regarding the most recent leak. Given that the breach affects people from multiple countries, including those governed by different legal jurisdictions, experts stress that additional safeguards should have been in place.

Al Jazeera refrains from sharing technical details about the breach to avoid giving hackers the means to replicate the exploit. Additionally, any sensitive data obtained during the investigation has been destroyed to protect the privacy of the individuals involved.

This security lapse follows another major breach earlier in November, when the personal data of over 35,000 e-visa applicants was exposed. The leaked information included names, photos, birth dates, and contact details. In response to this incident, Somalia’s Immigration and Citizenship Agency (ICA) shifted the e-visa platform to a new domain in an attempt to bolster security. However, the change appears to have been insufficient, as the new breach has exposed even more vulnerabilities.

At the time of the previous breach, the US and UK governments had warned their citizens about the potential risks posed by the compromised e-visa system. Despite the ICA’s claim that they were treating the issue with “special importance,” no substantial improvements have been made to prevent further incidents. Meanwhile, the Somali government continues to praise the e-visa platform’s role in preventing the entry of terrorist elements into the country, despite the platform’s significant security issues.

The lack of action on the part of the Somali government raises concerns about the country’s commitment to protecting its citizens’ data. Governments frequently push to launch e-visa systems quickly, which often results in security vulnerabilities. In the process, crucial data protection and cybersecurity measures are often overlooked. It is difficult for people to protect themselves against these types of breaches, as the data they provided is required for a specific process.

As Somalia continues to develop its digital infrastructure, the importance of robust security measures cannot be overstated. With cyber threats growing globally, the government must take immediate action to ensure that personal data is properly protected. The failure to do so not only jeopardizes the security of individuals but also undermines public trust in the country’s digital systems.

Somalia’s e-visa system is in dire need of a comprehensive security overhaul. With sensitive data being left vulnerable to exploitation, it is crucial that the government addresses these issues swiftly to prevent further breaches. The lack of response from authorities following these incidents highlights the urgent need for stronger data protection measures and a more responsible approach to digital infrastructure development.