Somalia Confirms Major Data Breach in E-Visa System, 35,000 Exposed

Somalia has confirmed a major data breach in its new electronic visa system, exposing sensitive personal details of more than 35,000 travelers who applied to enter the country since September 1, 2025. Officials say the incident is one of the largest government data exposures in Africa in recent years, and it has triggered investigations, diplomatic fallout, and fresh questions about the safety of digital immigration systems in Somalia and beyond.

What was affected and how

The affected platform, the Electronic Travel Authorization System (E-TAS), was launched to modernize border control and replace paper-based visas. Hackers gained unauthorized access to large volumes of personal data held in the system, including:

• Passport numbers
• Dates and places of birth
• Biometric identifiers (e.g., eye color, height)
• Scanned copies of passports
• Photographs and other identifying details

The Somali Immigration and Citizenship Agency confirmed an “unauthorized intrusion” and acknowledged that many travelers’ data—expected to be stored securely—was exposed.

Who is affected

Officials say travelers from multiple regions were impacted, including applicants from the United States 🇺🇸, the U.K., Australia, and several European Union countries. According to analysis by VisaVerge.com, the compromised dataset includes:

• Diplomats
• Aid workers
• Private contractors
• Security consultants

Many of these individuals work in high-risk environments. For some, the concern extends beyond identity theft to the possibility that hostile groups could use the data to track them or their families.

Government response and investigations

The agency announced the suspension of the electronic visa system while investigations continue. Actions taken or promised include:

• Involvement of Somalia’s national security services
• Engagement of international digital forensic specialists
• A promised full report and list of corrective measures (not yet released)

Officials say investigations aim to determine how intruders accessed the system, exactly what was accessed, and whether the information has been copied or sold.

“One of the largest government data exposures in Africa in recent years,” according to cybersecurity specialists who reviewed early findings.

Local reports and experts suggest leaked information was stored on personal devices and managed by a private contractor called Empire Tech Solutions, rather than on protected government servers. If confirmed, this points to weak controls over where and how sensitive immigration data was stored and raises questions about Somalia’s vetting of private technology partners.

Political and institutional fallout

The political impact was immediate. Somalia’s Security Minister, Abdullahi Sheikh Ismail Fartag, dismissed the deputy director of the Immigration and Citizenship Agency, Mohamed Kasim, days after the breach became public. He appointed Hussein Abdullahi Sheikh as the new deputy director, citing the need to improve performance amid scrutiny.

• The leadership change is widely seen as an acknowledgment of the seriousness of the failure.
• Many details about the breach and storage practices remain undisclosed.

Somaliland, the self-declared independent region Somalia claims as part of its territory, rejected the e-visa system outright, citing security and data-safety concerns. Officials there say the incident proves their earlier doubts and are refusing to rely on Somalia’s E-TAS infrastructure, adding regional political tension.

International reactions and travel advisories

Foreign governments have reacted with caution. The United States and the U.K. issued travel warnings urging citizens to carefully consider the risks before applying through Somalia’s electronic visa system. Their notices indicate exposed data may include:

• Full names
• Photographs
• Dates of birth
• Marital status
• Home addresses
• Email contacts

Neither government has formally told travelers to avoid Somalia, but both advise extra care while investigators work to secure the platform.

• The U.S. Department of State travel advisory for Somalia is available at: Travel.State.gov.

Practical implications for affected individuals

Many travelers now face difficult choices between data safety and essential work on the ground:

• Aid workers may have to submit fresh personal information to a system that has already failed or delay urgent missions.
• Security contractors worry that linking passport details to their roles could make them targets if the data is misused.

Cybersecurity professionals warn that exposed passport data and biometric details can circulate for years on criminal markets. Once such information is leaked, it cannot be changed like a password.

Diplomatic consequences

Reports indicate more than 60 foreign intelligence specialists have left Somalia, fearing revealed identities, travel patterns, or work locations. Some embassies have stopped using Somalia’s e-visa system, reverting to older channels or restricting staff travel. For a country aiming to be more open and accessible, this retreat is a significant setback.

Statements from Somali officials

Inside the immigration service, officials defend the broader goal of digitizing visa processing even as they face criticism over the platform’s handling. Mustaf Dhuhulow, Somalia’s Immigration Chief, has called the e-visa project a key national modernization effort. However:

• He has not yet addressed the technical weaknesses that allowed the breach.
• He has not provided detailed explanations about insecure storage of sensitive records.
• He has promised a detailed security briefing to “restore confidence” in the immigration process.

Outstanding questions and next steps

Many practical questions remain unanswered for affected applicants:

• Will travelers be contacted directly?
• Will they be offered credit monitoring or specific guidance on identity theft protection?
• Has the data been copied or sold?

International partners and Western governments providing technical help on border management are watching closely. Future cooperation on digital immigration tools will likely depend on whether Somalia can:

1. Show concrete steps to secure sensitive data.
2. Enforce strict rules on private contractors handling such information.
3. Publish transparent findings and corrective measures.

Broader implications

The breach highlights a broader risk: while electronic visa systems promise faster processing and less embassy time, they also introduce new vulnerabilities if security, oversight, and training are insufficient.

• Somalia’s experience is a reminder that moving immigration services online requires investment in security and strong governance.
• For thousands of travelers whose details were exposed, the risks are now personal and lasting.