News
Data breach: NITDA to investigate Lagos State Internal Revenue Service, data controllers
The National Information Technology Development Agency (NITDA) says it will investigate the Lagos State Internal Revenue Services (LIRS) and other data controllers for alleged breach of tax payers’ data in the state.
Mr Kashifu Inuwa, the Director General of NITDA, made this known on Friday in a statement he signed and issued in Abuja.
According to Inuwa, LIRS published a web portal with address https://lagos.pay.ng/TaxPayer, where personal information of tax payers in the state was exposed to the public.
The director, however, said although the state government had taken steps to mitigate the glitch but it was still against the Nigeria Data Protection Regulation (NDPR) and NITDA Act of 2007.
He emphasised that the NDPR seeks to protect citizens’ data and not divulging their information without consent.
“NITDA was reliably informed and duly ascertained that the LIRS published a web portal – https://lagos.qpay.ng/TaxPayer – where personal information of tax payers of Lagos State was gleaned by the general public.
“This is in breach of the NDPR, 2019. We have also been informed that the LIRS has indicated that public access to the portal was a glitch from a consultant of the service and that the portal has been duly disabled.
“We commend LIRS for the swift remedial action in disabling the portal and pulling the website away from the public domain.
“We however warn that glitches of this kind do not insulate LIRS from responsibility or culpability from whatever actions, civil or criminal, that may arise from such glitch.
“The agency will further investigate this breach and the circumstances surrounding it with the aim of assessing the impact of the breach,” Inuwa said.
The NITDA boss added that they would determine and ensure that data controllers or processors connected to the breach took responsibility and penalised to avoid future occurrence because confidential information of data subjects were exposed.
He also advised the public to be vigilant and report immediately to NITDA or other law enforcement agencies if they noticed that the information of any data subject on the LIRS database was further disclosed.
“We enjoin all parties to cooperate with NITDA as we seek to protect the personal and confidential information of Nigerian citizens from misuse and abuse.”
Inuwa said the agency could be reached through its email address: [email protected],Twitter handle- @NITDANigeria or Facebook address – https://web.facebook.com/nitda.nig/.