Somalia Confirms Major E‑Visa Data Breach — 35,000 Travelers Potentially Exposed

Somalia's Immigration and Citizenship Agency has publicly confirmed that hackers breached its electronic visa (e‑visa) platform, potentially exposing sensitive personal information for tens of thousands of travellers.

The agency's admission on Sunday is the first formal acknowledgment from Mogadishu after warnings from the United States and the United Kingdom earlier in the week. A US Embassy statement on November 13 said 'unidentified hackers' had accessed the system and that at least 35,000 people — including thousands of American citizens — may have had their data exposed.

Defence Minister Ahmed Moalim Fiqi had earlier praised the e‑visa scheme, saying it helped prevent ISIL (ISIS) fighters from entering Somalia as government forces continue a months‑long campaign against a local affiliate in northern regions. The potential leak gained wider attention when clusters of accounts on the social media platform X circulated what they said were personal records belonging to affected individuals.

The breach has highlighted vulnerabilities in a digital system that Mogadishu had promoted as a tool to strengthen national security. The immigration agency said it was treating the incident with 'special importance' and has opened an investigation.

Officials said investigators are probing 'the extent of the attempted breach, its origin, and any potential impact' and that a formal report would be produced and affected individuals would be notified directly.

However, the agency did not provide a confirmed victim count or a timetable for completing the probe. After the incident surfaced, the government quietly migrated the e‑visa service to a new website domain — a move that drew criticism for a lack of public explanation.

Mohamed Ibrahim, a former Somali telecommunications minister and technology specialist, told Al Jazeera that while hacking is an expected challenge, officials' lack of transparency is a serious concern. 'Somalia isn't high‑tech, and hacking, in itself, is neither here nor there. But they should have been upfront with the public,' he said, adding questions about why the e‑visa site's URL was changed remain unanswered.

On Saturday the immigration agency's director‑general dismissed media coverage as part of 'coordinated misinformation campaigns' aimed at undermining state institutions. Mustafa Sheikh Ali Duhulow told an audience in Mogadishu: 'A Somali individual cannot undermine the dignity, authority, honour or unity of the state,' without directly addressing the hacking allegations.

The incident has also inflamed tensions with Somaliland, the self‑declared breakaway region that rejected the federal government's visa authority. Somaliland officials accused Mogadishu of being 'institutionally irresponsible' for keeping the portal online after the breach. One day before the breach became public, Somaliland had declared that 'entry visas issued by the Federal Government of Somalia bear no legal validity' within its territory.

The UK embassy warned travellers on November 14 that 'this data breach is ongoing and could expose any personal data you enter into the system,' advising people to consider the risks before applying for an e‑visa. For now, Somali authorities say the investigation is ongoing and have pledged to publish a report and notify those affected when more details are confirmed.