Somalia has confirmed a massive data breach of its electronic visa system, exposing the personal data of more than 35,000 travelers. The U.S. and U.K. have issued urgent warnings as the government launches an investigation amid political tensions, security fears, and escalating disputes with Somaliland
Mogadishu — For the first time, Somalia has officially confirmed that its electronic visa system was breached, exposing the personal information of tens of thousands of international travelers and prompting urgent warnings from Western governments and renewed scrutiny of the country’s fragile digital infrastructure.
Somalia’s Immigration and Citizenship Agency acknowledged on Sunday that “unidentified hackers” infiltrated the platform, marking the federal government’s first public admission days after the United States and United Kingdom issued travel alerts.
The breach may have compromised the personal data of at least 35,000 visa applicants, including thousands of U.S. citizens, according to a U.S. Embassy advisory issued November 13. The U.K. Embassy followed with its own warning, calling the breach “ongoing” and urging travelers to reconsider submitting any new applications.
“This data breach is ongoing and could expose any personal data you enter into the system,” the British advisory said. “Consider the risks before applying for an e-visa.”
A System Praised for Security — Then Exposed
The breach is a sharp reversal for Somali officials who, just days earlier, had touted the e-visa system as a critical national-security tool. On Wednesday, Defense Minister Ahmed Moalim Fiqi praised the digital platform for preventing ISIL (ISIS) fighters from entering the country, calling it a “frontline defense” in ongoing counterterrorism operations in the north.
But by the weekend, clusters of accounts on the social platform X began circulating what they claimed was leaked data — full names, photographs, dates of birth, home addresses, marital status, and email contacts from visa applicants.
The agency said Sunday it was treating the breach with “special importance,” adding that investigators are working to determine “the extent of the attempted breach, its origin, and any potential impact.”
It pledged to release a public report and notify affected individuals directly. But officials did not provide a precise number of victims or a timeline for the investigation.
In a quiet, unexplained move, the government has since shifted the entire e-visa system to a new website — a change that only deepened suspicion among cybersecurity experts.
Experts Cite Transparency Failures
Mohamed Ibrahim, former Somali telecommunications minister and a well-known tech expert, said the government’s handling of the crisis has raised more questions than answers.
“Somalia isn’t high-tech, and hacking, in itself, is neither here nor there. But they should have been upfront with the public,” Ibrahim told Al Jazeera. “Why was the website’s URL changed, for example? That hasn’t even been explained.”
His concerns mirror wider frustration among civil society and digital-rights advocates who say the breach highlights long-standing structural weaknesses in Somalia’s digital governance.
Officials Deny, Then Backtrack
As fears spread online late last week, immigration officials initially dismissed the reports. On Saturday night — just hours before Sunday’s admission — the immigration agency’s director-general, Mustafa Sheikh Ali Duhulow, accused media outlets of engaging in “coordinated misinformation campaigns” aimed at weakening state institutions.
“A Somali individual cannot undermine the dignity, authority, honor or unity of the state,” he said during an event in Mogadishu, without directly addressing the hacking allegations.
Somaliland Reacts With Fury
The breach has further inflamed tensions between Somalia and Somaliland, which has sought international re-recognition since 1991.
Mohamed Hagi, a senior adviser to Somaliland’s president, said Mogadishu had acted with “institutional irresponsibility” by keeping the e-visa platform active despite clear signs of compromise.
The breach also came just one day after Somaliland declared that “entry visas issued by the Federal Government of Somalia bear no legal validity” in its territory — a move that escalated a long-running dispute over airspace and immigration authority.
Security Minister Fires Senior Official
Hours after the breach was confirmed, Somalia’s Security Minister Abdullahi Sheikh Ismail Fartag dismissed the deputy director of the Immigration and Citizenship Agency, Mohamed Kasim, naming Hussein Abdullahi Sheikh as his replacement.
The abrupt reshuffle, officials said, was intended to “strengthen the agency’s performance” amid mounting scrutiny.
Local media reported that several foreign diplomats, Western contractors, and intelligence personnel temporarily left Mogadishu after the revelations, fearing their personal data may be among the leaked files circulating online.
A Digital Crisis With Geopolitical Consequences
The breach is now considered the largest cybersecurity incident in Somalia’s history, casting new doubt on the federal government’s ability to safeguard critical systems.
Critics argue that the e-visa program — operated by a private firm reportedly linked to the family of Somalia’s president — prioritized revenue generation over data protection. The program is believed to divert nearly half its revenue to the operating company.
The crisis also comes as Somalia and Somaliland face an unprecedented aviation confrontation. This week, Somaliland began issuing its own flight directives, prompting some aircraft to receive conflicting instructions from Mogadishu and Hargeisa. Aviation authorities in Mogadishu later halted transmissions over Somaliland’s airspace to avoid potential mid-air confusion.
U.S. Issues Extended Security Warning
The U.S. Embassy warned that the leaked data includes “names, photos, dates and places of birth, email addresses, marital status, and home addresses.”
While the embassy said it could not confirm whether individual travelers were affected, it warned Americans to “assume exposure is possible.”
The advisory also reiterated the U.S. government’s broader warning against travel to Somalia due to terrorism, crime, kidnappings, piracy, and the lack of medical infrastructure.
“The security situation is so dire that U.S. government employees working in Somalia are prohibited from traveling outside the Mogadishu International Airport complex,” the advisory stated.
A Crisis Still Unfolding
As investigators examine the breach and as political tensions escalate, Somalia finds itself at a precarious moment: facing a digital security disaster, an aviation standoff, and eroding confidence among international partners.
With the e-visa system offline, airspace communications disrupted, and tens of thousands of travelers warning of potential data exposure, the government’s challenge now is not only technical — but also deeply political.
