Somalia E-Visa Data Breach Exposes Tens of Thousands of Travellers’ Records
US embassy warns at least 35,000 applicants, including US citizens, may have had personal data compromised
The United States embassy in Mogadishu has alerted travellers that the electronic visa system of Somalia appears to have been breached, potentially exposing sensitive data belonging to at least thirty-five thousand individuals, including American citizens.
According to the statement, hackers or “unidentified actors” gained access to the e-visa portal and leaked names, photographs, dates of birth, marital status, home addresses and e-mail contacts.
The breach emerged as visitors reported screenshots of passport scans and visa application records circulating online.
The Somali government has not yet formally commented.
Meanwhile the e-visa website, formerly operating at evisa.gov.so, has been quietly replaced by a new portal at etas.gov.so, a transition that analysts link directly to the breach and to efforts to regain control of the system.
The exposed data includes applicants from a broad range of nationalities beyond the United States, and resident diplomats, aid workers and private travellers may also be affected.
The US embassy warned that individuals who submitted visa applications should assume their personal data has been compromised and take precautions accordingly.
The British Foreign Office issued a parallel alert, urging applicants to “consider the risks before applying for an e-visa” to Somalia.
Compounding concerns, a regional authority in the self-declared republic of Somaliland – which Somalia considers part of its territory but which governs itself independently – declared that it would no longer recognise the federal e-visa.
The region’s foreign minister said the system was unsafe and warned that people’s data might now fall into the hands of extremist groups.
Airlines flying to Somaliland had already refused boarding to passengers lacking the Somalia visa.
Although full details remain to emerge, cybersecurity analysts describe this as one of the most serious digital-security failures in the Horn of Africa.
The incident raises significant questions about the protection of traveller data in a high-risk security environment and about the oversight of outsourced digital infrastructure in fragile states.
According to the statement, hackers or “unidentified actors” gained access to the e-visa portal and leaked names, photographs, dates of birth, marital status, home addresses and e-mail contacts.
The breach emerged as visitors reported screenshots of passport scans and visa application records circulating online.
The Somali government has not yet formally commented.
Meanwhile the e-visa website, formerly operating at evisa.gov.so, has been quietly replaced by a new portal at etas.gov.so, a transition that analysts link directly to the breach and to efforts to regain control of the system.
The exposed data includes applicants from a broad range of nationalities beyond the United States, and resident diplomats, aid workers and private travellers may also be affected.
The US embassy warned that individuals who submitted visa applications should assume their personal data has been compromised and take precautions accordingly.
The British Foreign Office issued a parallel alert, urging applicants to “consider the risks before applying for an e-visa” to Somalia.
Compounding concerns, a regional authority in the self-declared republic of Somaliland – which Somalia considers part of its territory but which governs itself independently – declared that it would no longer recognise the federal e-visa.
The region’s foreign minister said the system was unsafe and warned that people’s data might now fall into the hands of extremist groups.
Airlines flying to Somaliland had already refused boarding to passengers lacking the Somalia visa.
Although full details remain to emerge, cybersecurity analysts describe this as one of the most serious digital-security failures in the Horn of Africa.
The incident raises significant questions about the protection of traveller data in a high-risk security environment and about the oversight of outsourced digital infrastructure in fragile states.
