Ghana government agency suffers massive data breach – CAJ News Africa

from RUSSELL ADADEVOH in Accra, Ghana
ACRA, (CAJ News) A DATA breach carried out by suspected cybercriminals has reportedly exposed up to 700,000 people across Ghana to fraud, hacking and identity theft.

The offense against the National Service Secretariat (NSS) also revealed the institutions in which the victims worked and the Ghanaian government itself.

vpnMentor, the pro bono service that works to help the online community defend itself against cyber threats, has warned that the breach poses a serious risk to the government of Ghana and thousands of citizens across the African country. from West.

Led by Noam Rotem and Ran Locar, the vpnMentor research team uncovered the data breach.

The NSS is a government program that administers a compulsory year of public service for graduates of certain educational institutions in Ghana.

Each year, thousands of students join the program from across the country to work in various public sectors, including health care.

NSS used Amazon Web Services to store more than 3 million files of its programs.

Despite password protecting some of the files in his cloud storage account, simple oversights by the creators of the account and uploading and organizing the files to the S3 bucket made this insufficient, and many files were still exposed.

The NSS also used the S3 bucket to store participants’ ID documents and program membership cards.

These included government IDs, such as Ghana’s National Health Insurance Scheme, and professional IDs, most likely based on a person’s placement in certain industries.

The NSS stored different types of passport photos submitted by participants with different degrees of protection installed.

The Ghana Computer Emergency Response Team (CERT-GH) is cited as having verified and confirmed the vulnerability.

“A report has been prepared and shared with CERT coordinating government agencies. We will follow up to make sure the issue is resolved as soon as possible,” one response read.

According to vpnMentor, around the world, cyberattacks are on the rise and the general public is increasingly aware of the dangers.

At the same time, in many countries, trust in government is rapidly deteriorating, often fueled by online misinformation, misinformation, conspiracy theories and the COVID-19 pandemic.

“Hopefully this data will stay out of reach of criminals,” vpnMentor said.

– CAJ News