MOGADISHU (KAAB TV) – Somalia’s newly launched e-visa portal has suffered a massive data breach, with hackers claiming to have infiltrated the system and released sensitive information belonging to over 35,000 applicants.
On Monday, the official e-visa site, evisa.gov.so, went offline under the pretext of “permanent maintenance.” But by evening, a hacker collective calling itself “Operation Birjeex 2025” said it had seized control of the system, calling the incident “The Digital Heist.”
In a manifesto, the group stated they had “taken over the keys to etas.gov.so,” alleging deep corruption: they claim the system was outsourced to a private firm, Empire Tech Solutions in Nairobi, and that critical management credentials were tied to unsecured Gmail accounts.
Cybersecurity specialists who reviewed parts of the leak say about 35,417 passport and visa application records were exposed.
The leaked data reportedly contains:
Full names, nationalities, scanned passport pages, and sometimes biometric data.
Applicants from dozens of countries, including the U.S., U.K., Australia, Kenya, Colombia, and several European nations and sensitive system-level credentials such as administrator passwords, according to some reports.
Somaliland Chronicle, citing cybersecurity experts, also claimed that banking and credit card data used for visa payments were part of the leak. Somaliland Chronicle
Security analysts describe this as one of the most serious government data breaches in Somalia’s history — pointing not just to technical failure, but to deeper weaknesses in national digital governance.
Some of the leak’s most alarming implications include travel records and biometric data of diplomats, aid workers, and contractors are now publicly exposed.
The leak could be exploited by militant groups (such as Al-Shabaab) or criminal networks to target individuals.
The fact that administrator credentials appear to be compromised raises the risk of ongoing manipulation of the e-visa system.
The attackers framed their actions as political: in their manifesto they argue the $64 visa fee is part of a “corrupt plan” by Mogadishu to exert control over Somaliland.
One of the more controversial claims from the hackers is that the e-visa system has been used to process visas for Colombian citizens who later appeared in conflict zones such as Sudan.
According to media reports, some of these individuals may have been linked to paramilitary activity.
If verified, this could suggest that Somalia’s immigration system is being used — possibly with state complicity — to facilitate movement of foreign fighters.
Somalia’s Immigration and Citizenship Agency (ICA) has acknowledged a “possible compromise” but has not yet released a detailed public statement.
Interior Minister Ahmed Mo Fiqi denied allegations of state involvement in any transfer of foreign fighters, calling the incident a “criminal cyberattack … designed to discredit our institutions.”
The U.S. Embassy in Somalia issued a security alert, warning that the data breach “may have exposed the personal data of at least 35,000 travelers,” including U.S. citizens.
Diplomats, aid workers, and other affected individuals are being urged to monitor for identity theft and take precautionary measures.
The leak has intensified political tensions with Somaliland, which rejected the federal e-visa system when it was launched.
Regional experts are questioning whether Somalia’s push to digitize public services outpaced its investment in basic cybersecurity.
This incident highlights a growing challenge for Somalia: as it builds digital institutions, it appears to lack strong safeguards. According to governance reports, the country’s cybersecurity capacity remains underdeveloped.
Experts argue that the rush to modernize (e.g., with e-visas) may have come without sufficiently securing the infrastructure.
What was billed as a modernization milestone — an online visa system to streamline entry into Somalia — has turned into a high-risk security and political crisis. The “Digital Heist” raises urgent questions about how state functions are outsourced, how sensitive data is protected, and whether Somalia’s digital sovereignty truly belongs to its government.