Wednesday, June 3, 2026
Opinion

Op-Ed | Why the e-visa data breach won’t stop Somalia’s digital rise

By Hussein Abdirizak
Illustration of a 'Data Leak' with computer figurines, symbolizing the Somalia e-visa data breach.
Figurines with computers and smartphones are seen in front of the words 'Data Leak' in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration

SHARE

Mogadishu (Somalia Today) — The recent data breach of Somalia’s new e-visa system was, without question, a serious security incident. However, to view this event merely as a failure is to overlook the broader strategic context.

This breach is not an indictment of Somalia’s digital ambitions; rather, it is a harsh but necessary “trial by fire.” It provides the critical, real-world lessons needed to build a truly resilient and sovereign digital state.  

A bold digital vision

It is essential to note that the ambition behind the e-visa system was commendable and well-founded. The launch on September 1, 2025, was a “historic step”.

For a nation rebuilding its institutions, the ability to launch a modern, digital platform that aligns the country with global standards is a significant achievement.  

This system was never just about visas; it was a visible symbol of a new, resurgent Somalia.

It is a key component of a broader, internationally supported digital transformation agenda. This includes the foundational new national digital ID program, managed by the National Identification and Registration Authority (NIRA) and backed by the World Bank.

The goals were sound: to enhance national security, boost the economy by simplifying travel, and build institutional trust. This bold vision is the right one for Somalia’s future.  

A universal challenge

While this breach is a setback, it is essential to put it into a broader global context. Data breaches are not a uniquely Somali problem; they are a universal risk of the 21st century. Even the world’s most developed nations have faced cyber-catastrophes on a far grander scale.  

A prime example is the 2015 breach of the United States Office of Personnel Management (OPM). This is considered one of the largest government data breaches in U.S. history.

State-sponsored attackers stole the records of 22.1 million federal employees and contractors. The stolen data included highly sensitive security clearance files containing decades of personal information—a catastrophic counter-intelligence failure.  

This is not an isolated case. In 2021, a massive ransomware attack severely disrupted Ireland’s national Health Service Executive (HSE). In 2015, hackers breached the German Federal Parliament (Bundestag), and in 2025, cyberattacks brought major European airports to a standstill.

These incidents show that no system is invulnerable. The true measure of a nation is not whether it can prevent every attack, but how it responds, learns, and builds resilience.  

A grave security threat

This incident must not discourage Somalia from its digital path. To abandon this progress and revert to outdated, paper-based systems would be a far greater strategic error.

The benefits of digitalization are non-negotiable for Somalia’s development. E-governance is essential for enhancing transparency, improving government efficiency, and fostering citizen trust.

A secure e-visa system boosts tourism and investment, signals stability, and provides a robust tool for monitoring security. This breach does not invalidate these goals; it simply highlights the critical need to secure the infrastructure that underpins them. This is a mandate to fix the execution, not abandon the mission.  

A geopolitical crime

The political dimension of this attack cannot be ignored. The e-visa system was a clear and legal exercise of the Federal Government of Somalia’s sovereignty over its national borders, an authority recognized by international law.  

The response from Somaliland, which has long disputed this authority, is highly suspect.

Somaliland officials not only rejected the system, but its foreign minister and associated media outlets issued specific warnings about the system’s “unsafe” nature and precise vulnerabilities before the breach became public knowledge.  

This was immediately followed by:

A cyberattack, claimed by a group known as “Operation Birjeex 2025,” which explicitly invokes the legacy of the Somali National Movement (SNM)—the group that founded modern Somaliland.  

An immediate and dangerous move by Hargeisa “to assert control over its airspace,” issuing conflicting instructions to international flights in a direct violation of ICAO (International Civil Aviation Organization) standards, which recognize Mogadishu’s sole authority.  

This sequence of events provides the FGS with a powerful case to present to the world. As you noted, this is a “major crime.”

Somalia should use this clear evidence to “tighten its grip” by petitioning international bodies like the UN and ICAO, demonstrating that these actions are not just a political dispute but a coordinated campaign that threatens international aviation safety and regional stability.

The path forward

Finally, the steps to secure Somalia’s digital future are clear and achievable. This incident reveals the exact playbook for building a stronger system.

Establish sovereign control: The primary lesson is that Critical National Infrastructure (CNI) cannot be managed with weak oversight. Reports that the system was outsourced to a private contractor using insecure personal email accounts are alarming.

The FGS must immediately empower its own institutions, chiefly the National Communications Authority (NCA) and SomCIRT, to be the sole and secure guardians of this sovereign data.

Outsourcing core functions without robust oversight is a known pitfall, especially in fragile states.  

Implement security best practices: The government must immediately enforce standard, non-negotiable security protocols on all systems, including mandatory Multi-Factor Authentication (MFA), aggressive software patching, and strict privilege-access controls.  

Build the legal framework: The government must expedite the passage of the pending Cybersecurity Bill and Cybercrime Act in the parliament. These laws provide the legal teeth necessary to prosecute offenders and enforce security standards.  

Invest in people: True, long-term security comes from investing in a Somali cybersecurity workforce. The FGS should expand international partnerships, like the recent successful MoU with CyberSecurity Malaysia, to train and equip its own citizens to defend their digital borders.  

My take is this: this breach is a gift, albeit a painful one. It exposed critical vulnerabilities at an early stage, before the entire national digital ecosystem was fully interconnected.

Somalia now has the opportunity to absorb these hard-won lessons and rebuild its digital infrastructure on a foundation of security and sovereignty. This crisis will serve as the catalyst that ensures the long-term success and resilience of Somalia’s digital future.  

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of Somalia Today.

Hussein Abdirizak
Hussein Abdirizak
Hussein Abdirizak is a Mogadishu-based political analyst and commentator covering politics, governance, security dynamics, and the economy across Somalia and the Horn of Africa.

Table of contents [hide]

Read More

Somalia Today is an independent, non-profit newsroom providing the trusted, fact-based journalism needed to strengthen democracy, hold power accountable, and share Somalia's authentic story with the world. From Somalia, For the World.

Company

© Designed and Developed by Somalia Today.