 |
Catastrophic breach includes personal details of evisa applicants, system admin passwords and banking data, handing terrorists a verified list of 35,000 targets, including 2,298 Americans and 3,027 Britons.
HARGEISA – The digital nightmare first reported by Somaliland Chronicle late last month about major vulnerability with Somalia’s e-visa system has metastasized into a complete data breach where its entire content has been dumped online. We can now confirm, based on consultation with cybersecurity experts who verified the leak as genuine, that the breach of Somalia’s federal e-visa system represents a total compromise of its national infrastructure.
The leaked data extends far beyond personal details and passport numbers of 35,417 travelers. Somaliland Chronicle has verified that the breach includes sensitive banking information—including credit card details—used by thousands of travelers to pay visa fees directly to the federal government. Most critically, the data dump includes system-level administrator credentials and passwords.
Global Impact: Break down by nationality
| Country | Passport Count | Percentage |
| Kenya | 13,325 | 37.62% |
| United Kingdom | 3,027 | 8.55% |
| United States | 2,298 | 6.49% |
| Netherlands | 2,040 | 5.76% |
| Colombia | 1,686 | 4.76% |
| Sweden | 1,679 | 4.74% |
| Norway | 1,058 | 2.99% |
| Canada | 972 | 2.74% |
| India | 795 | 2.24% |
| Finland | 588 | 1.66% |
| Ethiopia | 563 | 1.59% |
| Somalia | 561 | 1.58% |
| Uganda | 556 | 1.57% |
| Pakistan | 458 | 1.29% |
| Denmark | 366 | 1.03% |
| Turkey | 357 | 1.01% |
| Belgium | 290 | 0.82% |
| Yemen | 259 | 0.73% |
| Bangladesh | 232 | 0.66% |
| Syria | 222 | 0.63% |
| Australia | 221 | 0.62% |
| Switzerland | 198 | 0.56% |
| China | 186 | 0.53% |
| South Africa | 184 | 0.52% |
| Italy | 177 | 0.50% |
As this crisis unfolds, staff at Mogadishu’s Aden Adde International Airport remain in a full work stoppage over unpaid wages. The government that cannot manage its physical airport has now proven catastrophically incapable of securing its digital one.
Your Bank Account is Compromised
Every one of the 35,000+ victims is now at immediate risk. Among them: 13,325 Kenyans, 3,027 UK citizens, 2,298 US citizens, 2,040 Dutch citizens, 972 Canadian citizens, and thousands of others from across the globe.
Your full name, passport details, date of birth, passport expiration date, and banking information are now circulating in criminal networks. This creates a complete package for identity theft, financial fraud, and the draining of bank accounts. If you applied for a Somalia e-visa, your financial information is compromised. Contact your bank immediately.
This is Not a Corporate Data Breach: It’s a Kill List
It is critical to understand why this breach is infinitely more dangerous than a typical data breach. When a Western corporation or government office is breached, the primary risk is financial. Criminals use stolen data for identity theft. Victims face financial loss, but not physical danger.
This breach is different. This is a physical security catastrophe.
The data has been dumped into a warzone. It is now accessible to Al-Shabaab, a terrorist organization designated by the United States, United Kingdom, and international community that actively hunts and kills Westerners, aid workers, diplomats, and allied personnel. Al-Shabaab conducted the 2013 Westgate Mall massacre in Nairobi that killed 67 people, the 2015 Garissa University attack in Kenya that killed 148, the 2019 DusitD2 hotel attack in Nairobi that killed 21, and continues ongoing assassinations of diplomats, journalists, and aid workers.
This breach provides terrorists with a verified, pre-vetted target list. It confirms the names, nationalities, photographs, passport numbers, and travel patterns of their adversaries. It is an intelligence goldmine for planning kidnappings, assassinations, and targeted attacks. If your passport number is in this database, Al-Shabaab knows who you are, what you look like, and that you have travelled to their operational theater.
Administrative Access: The System is Conquered
The leak of administrator passwords means the entire platform’s integrity is destroyed. With these credentials, anyone can monitor all new visa applications in real-time, watching who is coming, when they’re arriving, and their stated purpose. They can issue fraudulent visas to terrorist operatives, creating legitimate-appearing travel documents for international movement. They can deny legitimate visas to journalists, security personnel, or diplomats. They can track high-value targets, knowing exactly when diplomats, UN officials, or military contractors will arrive before they board their flights. Most dangerously, even if passwords are changed, attackers have had months to establish backdoors and maintain control.
The system cannot be trusted. Any passport that passed through this system is permanently compromised. The data cannot be “secured” after the fact. The administrator access means the entire database must be considered toxic.
What Must Happen Now
Affected governments must issue emergency passport replacements. Every passport number in this database must be considered compromised and should be invalidated immediately. The 35,417 affected travelers require emergency passport replacement at no cost. Their passport numbers are now in terrorist hands and represent a clear and present danger.
Citizens who used Somalia’s e-visa system must be notified immediately of the breach and advised of the physical security risks. This is not optional diplomatic courtesy—this is a life-and-death notification requirement. Somalia’s federal government must be held accountable for this catastrophic failure. The international community has poured billions into Mogadishu. This breach proves that investment has been squandered with criminal negligence.
For affected individuals, the actions are straightforward and urgent. Contact your bank immediately and request new cards and account monitoring. Your banking details used for visa payment are compromised. Contact your passport authority and request emergency passport replacement. Your passport number is in terrorist hands. Freeze your credit—the combination of passport data and financial information creates severe identity theft risk. Monitor your accounts and check for unauthorized transactions daily. If you must travel to East Africa, understand that your identity is known to hostile actors.
Somaliland Chronicle stands by this reporting. We have consulted with cybersecurity experts who verified the breach. We have reviewed samples of the leaked data. The evidence is undeniable. If you believe your information was compromised in this breach, contact your government’s passport authority and your financial institution immediately. This is not a drill.
