SomaliReport Logo

Somalia’s Digital Visa System Exposes Thousands to Data Risks, Al Jazeera Investigation Reveals

An Al Jazeera investigation has found critical security flaws in Somalia’s e-visa system, exposing sensitive personal data of thousands of visa applicants to unauthorised access.

DECEMBER 24, 2025|Mohamud Ali|
Share:

Mogadishu, SomaliReport - Somalia’s electronic visa system is facing renewed scrutiny after an Al Jazeera Investigations inquiry uncovered serious security weaknesses that allow unauthorised access to highly sensitive personal data belonging to visa applicants.

According to Al Jazeera’s findings, Somalia’s e-visa website lacks basic security safeguards, making it possible for virtually anyone with technical knowledge to download visa files containing passport numbers, full names, dates of birth and other private information.

The vulnerability was independently verified by Al Jazeera this week after receiving a tip from a source experienced in web development. The source shared evidence showing that they had alerted Somali authorities about the flaw more than a week earlier, but no corrective action had been taken. Despite repeated warnings, the source told Al Jazeera that the system remained exposed and accessible.

Personal Data at High Risk

Digital rights experts warn that breaches involving identity documents and travel data pose serious dangers. “Breaches involving sensitive personal data are particularly dangerous as they expose individuals to risks such as identity theft, fraud, and intelligence exploitation,” Bridget Andere, a senior policy analyst at digital rights organisation Access Now, told Al Jazeera.

Al Jazeera reporters were able to reproduce the vulnerability themselves, successfully downloading e-visas belonging to dozens of individuals within a short period of time. The affected applicants included citizens from Somalia, the United States, Portugal, Sweden and Switzerland.

The investigation confirmed that the exposed files contained passport details and other identifying information that could be misused by criminal networks or hostile intelligence actors.

Authorities Silent Despite Alerts

Free Newsletter · Every Week

Sign up to the Somali Report

Get independent reporting on Somalia, the Horn, and the diaspora — delivered to your inbox every Monday.

Al Jazeera said it formally notified the Somali government about the newly identified flaw and sent questions requesting comment. No response was received. “The government’s decision to deploy and relaunch the e-visa system without addressing serious security risks demonstrates a troubling disregard for people’s rights and public trust,” Andere said in comments to Al Jazeera.

She also noted that Somali authorities had failed to issue any public notice following an earlier breach reported in November. “In high-risk cases like this, Somalia’s data protection law requires authorities to notify both the data protection regulator and affected individuals,” she added. “Additional safeguards are essential because this system involves multiple nationalities and legal jurisdictions.”

Technical Details Withheld

Al Jazeera said it would not publish technical specifics of the vulnerability because the flaw remains unpatched and disclosing details could enable hackers to replicate the breach. The media organisation also confirmed that all sensitive data obtained during the investigation had been permanently destroyed to protect affected individuals’ privacy.

A Pattern of Breaches

The latest discovery follows a previous breach last month that exposed the personal information of more than 35,000 e-visa applicants, prompting warnings from both the United States and the United Kingdom. At the time, the US Embassy in Somalia said leaked data included applicants’ names, photographs, birth details, email addresses, marital status and home addresses.

In response, Somalia’s Immigration and Citizenship Agency (ICA) moved the e-visa platform to a new web domain, stating that the issue was being treated with “special importance” and that an investigation had been launched. Earlier, Somalia’s Defence Minister Ahmed Moalim Fiqi publicly praised the e-visa system, saying it had helped prevent ISIL-linked fighters from entering the country amid ongoing military operations in northern regions.

Broader Concerns Over Digital Systems

Access Now’s Andere told Al Jazeera that Somalia’s case reflects a broader global problem, where governments rush to digitise immigration services without adequate cybersecurity planning. “Data protection and cybersecurity are often the first considerations to be sacrificed,” she said. “Individuals cannot realistically protect themselves because providing this data is mandatory for the visa process.” As Somalia accelerates its digital transformation, Al Jazeera’s investigation raises urgent questions about whether security, accountability and public trust are keeping pace with technological ambition.

Share:

Comments (0)

Sign in to leave a comment.