Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services.

Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned the country’s 19.5 million residents that operations were suspended while officials assessed the impact and worked to restore services securely.

The authorities sought to reassure citizens, stating that the incident did not affect the integrity of their data.

A new ransomware group called Green Blood Group claimed it breached the agency and stole 139 GB of data, including citizen records, biometric information, and immigration documents.

The group published a list of documents and backup files as proof of the hack.

Hackers leaked data and an email from Quik Saw Choo, senior GM at Malaysia’s IRIS Corporation, which is helping create Senegal’s digital ID cards. In the Jan 20 email, Choo told Senegalese officials that hackers breached two DAF servers on Jan 19, stealing card personalization data from one. IRIS cut network access to one server, changed passwords on the other, and blocked foreign mission connections. Choo said Malaysian cybersecurity experts were assisting and planned to travel to Dakar on Jan 22 to investigate and fix the issue.

“The cyberattack comes amid an ongoing standoff between the Senegalese state and Iris Corporation, the Malaysian firm awarded the contract to produce the country’s digital National Identification Cards (CNI). The dispute centers on unpaid invoices. According to sources, once the breach was detected, Iris Corporation requested that DAF shut down all systems while it prepared to dispatch its technical team to Dakar,” reported the Gambia Journal.

“That request has raised questions about a possible link between the commercial dispute and the cyberattack, although no official confirmation has been made. Authorities have so far not publicly attributed responsibility or detailed the scope of any data compromise.”


Pierluigi Paganini

(SecurityAffairs – hacking, Senegal)

By rooter