Concerns have emerged over a possible cybersecurity breach involving the Federal Government’s Nigeria Education Management Information System (NEMIS), the centralized digital platform that collects, manages and reports data across the country’s education sector. Checks by The Guardian on Thursday as of 11:20am showed that the website displayed a warning indicating that attackers could be attempting to obtain information from visitors.
The suspected compromise has raised questions about the security of one of Nigeria’s most critical education databases, which serves as a repository for information used in planning, policy formulation and monitoring of educational activities nationwide. Managed by the Federal Ministry of Education, the digital platform aggregates information from institutions across the education sector, including records of public and private schools, student enrolment figures, teacher profiles and details of educational infrastructure. The system also captures key indicators including access to education, retention and completion rates, which are used by policymakers to monitor performance and allocate resources.
Expert Analysis on the Security Alert
Speaking with our correspondent, data analyst Joseph Dokhare explained that the “connection is not private” alert appearing on the website could stem from a range of underlying causes. He explained that certain messages that appear on sites are primarily preventive notifications designed to caution visitors, stressing that the warning does not automatically mean that the website has been hacked, but indicate a security issue that should be treated with caution.
“Before we can say it has been hacked, we have to see reliable data that were leaked from that service. Somebody whose registered data is now leaked, that’s what we can say it has been hacked,” he said. On what could be responsible for such display on the site, Dokhare said “It could be that they have not adhered to some security rules. It’s like you don’t have a gatekeeper in your house, you don’t have security in your street, you are already exposed. It does not mean you have been attacked. Somebody is trying to flag that, ‘hey, you are exposed, you have not done ABC'”.
Recommendations for Enhanced Security
He advised the website administrators to ensure full compliance with established cybersecurity protocols and strengthen the platform’s security architecture to prevent unauthorised access and protect users’ data from potential breaches. According to him, adopting robust security measures and adhering to best practices in data protection are critical steps in safeguarding the website against hacking attempts. Experts say while the alert may stem from routine certificate errors, it could also point to more serious security concerns that require urgent attention.
When contacted, Ikharo Attah, Special Adviser (Media and Communications) to the Education Minister, told our correspondent that he was in a meeting and would call back.
