A source told Al Jazeera that Somalia’s electronic visa (e-visa) system has a security flaw that could put the personal data of visa applicants at risk.
The source said they had raised the issue with Somali government officials last week to warn them of the risk, but had not received a response.
They said that despite the warning, the flaw had not been fixed and the issue still remains.
Bridget Andere, a senior analyst at digital rights group Access Now, told Al Jazeera that a personal data breach was a serious threat, as it could expose people to problems including identity theft, financial fraud, and the data being used for espionage.
The new threat comes a month after the Somali government said it had launched an investigation into a previous hacker attack on the country’s e-visa system.
This week, Al Jazeera was able to replicate the risks outlined by the sources, and easily downloaded e-visas containing sensitive information from many people.
The data included citizens of Somalia, Portugal, Sweden, the United States and Switzerland.
Al Jazeera has contacted the Somali government again, sending questions and warning them about the system’s flaws, but has yet to receive a response from the government.
Bridget Andere said that rushing to implement the e-visa system without preparing for security risks is damaging public trust and creating avoidable loopholes.
She also criticized Somali authorities for not publicly disclosing the massive e-visa data breach in November.
She added that Somalia’s data protection law requires data controllers to notify the data protection authority and affected individuals of such breaches, especially when they involve people from different countries.
Al Jazeera did not provide technical details about the security flaw, as it has not yet been fixed, to prevent hackers from exploiting it.
All sensitive information obtained during the investigation was deleted to protect the privacy of the people involved, according to the Al-Jazeera investigation.
Last month, the US and UK governments warned of a data breach that exposed the personal information of more than 35,000 Somali visa applicants. The leaked data included names, photos, dates of birth, home addresses, and marital status.
Following the incident, the Somali Immigration and Citizenship Authority (ICA) changed its e-visa website, moving it to a new domain to enhance security.
However, experts say that many governments are rushing to implement e-visa systems, which often leads to insecurity, while people find it difficult to protect themselves as the information required is mandatory for the travel process.
