Somalia’s Immigration and Citizenship Agency says it has launched an investigation into a cyberattack on its e-visa platform, after warnings from foreign governments that the breach may have exposed the personal data of tens of thousands of travellers.
In a statement, the agency confirmed that the compromised e-visa system has been migrated to a new website and said the matter was being treated with “special importance.” Officials, however, did not clarify how many applicants were affected or provide details on the nature of the intrusion.
The move comes after the United States and the United Kingdom warned that the cyberattack may have compromised data from more than 35,000 visa applicants, including foreign nationals and American citizens. The incident drew wider attention last week when social media accounts began circulating what they claimed were screenshots of leaked personal information, sparking alarm among potential visitors and security analysts.
The breach has raised fresh questions about the robustness of Somalia’s digital infrastructure, which authorities have frequently promoted as a key tool for modernising government services and strengthening national security through better data collection and border management.
Former telecommunications minister and technology expert Mohamed Ibrahim criticised the government’s handling of the situation, arguing that officials should have been more transparent and proactive in informing the public and affected users.
At the same time, officials in Somaliland accused the federal government in Mogadishu of “institutional irresponsibility” for keeping the original visa portal active for a period after the initial attack was detected, implying that more data might have been exposed as a result.
The controversy comes against a backdrop of renewed tension between Somalia and the self-declared Republic of Somaliland over control of airspace and border systems, with both sides trading warnings over travel and visa policies. The e-visa breach is likely to intensify debates about who controls what data, and how securely it is managed.
Cybersecurity specialists say the incident underscores the need for stronger digital safeguards, regular security audits and clear incident-response protocols, especially as governments across Africa and beyond digitise critical services such as immigration, taxation and national ID systems.
For now, Somali authorities are urging travellers to use only the newly designated e-visa website and say they are working with “relevant partners” to determine the scale of the breach and prevent future attacks. Affected applicants have yet to receive direct notification or guidance on how to protect themselves from potential identity theft or fraud.
