Somalia’s E-Visa system reportedly compromised in major Data breach

Over the past two weeks, mounting reports of a significant data breach within Somalia’s electronic visa (e-visa) platform have gone viral across social media. Unverified accounts claiming affiliation with anonymous hacking groups allege they have gained full control of the system and leaked tens of thousands of sensitive documents belonging to visa applicants from multiple countries.

According to the circulating claims, more than 35,000 passport records were compromised. The alleged trove includes scanned passports, biometric data, personal contact details, and supporting documents. Among the leaked files are said to be the records of diplomats, aid workers, and foreign contractors who applied for Somali visas. More troubling, some of the dataset reportedly contains passport information of Colombian nationals linked to Sudanese militia networks.

Despite the mounting reports on the breach, the Federal Government of Somalia has not issued any official statement, leaving the scale, cause, and even the validity of the alleged breach unaddressed. This prolonged silence has exaggerated public concern, particularly among the thousands of applicants who submitted personal information through the online visa system.

International partners, however, have begun responding. On November 11, 2025, the U.S. Embassy in Mogadishu released a security notice stating that “multiple sources reported credible allegations that unidentified hackers penetrated Somalia’s e-visa system, potentially exposing the personal data of at least 35,000 people, including possibly thousands of U.S. citizens.” The embassy said. “Leaked data from the breach included visa applicants’ names, photos, dates and places of birth, email addresses, marital status, and home addresses. While Embassy Mogadishu is unable to confirm whether an individual’s data is part of the breach, individuals who have applied for a Somali e-visa may be affected.”

The United Kingdom’s Foreign Travel Advisory also updated its guidance, warning travelers that the breach is ongoing and advising them to consider the risks before applying for an e-visa.

The reported, though still unverified, data breach comes at a time when the Somali federal government is at odds with Somaliland over the management of airspace. The federal government recently introduced a centralized e-visa system, which has drawn criticism from Somaliland authorities. Claiming independence, Somaliland argues that the new system undermines its autonomy. This dispute has already led to several confrontations between the two sides.

Somaliland’s Ministry of Civil Aviation and Airports Development (MOCAAD) has accused the federal government of leveraging airspace management for political gain. In response, MOCAAD issued a directive requiring all civil aircraft — both commercial and general aviation — to obtain prior authorization before entering or operating within Somaliland’s airspace. The ministry asserted Somaliland’s exclusive sovereignty over its territory and airspace, warning that unauthorized flights would face legal consequences under both national and international law.

In September 2025, Somaliland authorities introduced a Visa on Arrival scheme at Egal International Airport, widely seen as a countermeasure to Mogadishu’s e-visa rollout. The following month, MOCAAD raised concerns about travel difficulties encountered by Somaliland citizens holding Western passports and cautioned that non-compliant operators could be denied access to Somaliland’s airports and airspace.

These developments come amid long-standing disputes over aviation control, which have persisted since Somalia resumed oversight of its airspace from the United Nations in 2017. Recent agreements between Puntland and Somaliland have also accused the federal government of politicizing aviation administration.

Moreover, the e-visa controversy has reached Somaliland’s private sector. Ismail Ahmed, a prominent businessman and founder of the UK-based digital money transfer service WorldRemit, publicly accused Premier Bank, one of the largest financial institutions operating in both Mogadishu and Hargeisa, of supporting or facilitating the e-visa system. Premier Bank has denied any involvement.

In response, the Central Bank of Somaliland issued a formal statement defending Premier Bank. It clarified that “the e-visa service agreement implemented in Somalia was carried out in Somalia. The Premier Bank of Somaliland had no involvement whatsoever in that process, nor does it operate under the financial regulations or laws of Somaliland.” The communiqué further warned citizens to be cautious about what they read and write on social media and to refrain from making unsubstantiated accusations. It emphasized that individuals who engage in defamation, false allegations, or actions that undermine national institutions responsible for safeguarding the country’s sovereignty will be held accountable.

As claims of the data breach continue to circulate, the absence of an official response from Mogadishu leaves critical questions unanswered: Was the breach real? What was the extent of the compromise? What measures, if any, are being taken to protect the personal information of thousands of applicants?

For now, the alleged breach remains unconfirmed and unacknowledged by Somali authorities. If verified, it would mark the first incident of its kind in Somalia and raise serious concerns about the government’s capacity to protect digital records. This is particularly significant given the government's recent mandates, not only requiring the use of e-visas but also introducing a digital national ID system, which it claims is essential for national security. The government has instructed all public and private institutions to require the national ID for access to services.