Senegal has confirmed a cyberattack on the Directorate of File Automation (DAF), the government agency responsible for managing national identity cards, passports, biometric records and electoral data.
The incident forced the temporary suspension of national ID card production and disrupted key identity services used by millions of citizens.
In an official public notice, the Directorate of File Automation (DAF) announced that operations were halted after detecting unauthorized activity within its systems. Authorities stated that restoration efforts are ongoing and maintained that no personal data has been compromised.
However, concerns have grown as the agency’s website remained offline days after the announcement. Given DAF’s role in handling highly sensitive biometric and identification data, the breach has raised significant national security and data protection questions.
A ransomware group calling itself The Green Blood Group has claimed responsibility for the attack. The group alleges it exfiltrated approximately 139 terabytes of data, including citizen records, biometric information and immigration documents. It also reportedly released samples of the alleged data on the dark web.
The group shared what it described as an internal email from IRIS Corporation Berhad, a Malaysian firm working with Senegal on its digital national ID system. The email allegedly indicated that two DAF servers had been breached and that card personalization data may have been accessed. Emergency measures were reportedly implemented, including disconnecting network links and restricting external system access.
Senegalese authorities continue to insist that data integrity remains intact, though investigations are ongoing.
The DAF oversees Senegal’s core digital identity infrastructure. Any confirmed compromise of biometric or identity data could have long-term implications, including identity fraud and misuse of sensitive personal information.
The incident follows a recent cyberattack on Senegal’s tax authority, pointing to a broader trend of cyber threats targeting critical government systems. Cybersecurity analysts say such attacks demonstrate the increasing activity and coordination of ransomware groups operating across Africa.
