The Office of the Accountant General of the Federation (OAGF) in Nigeria has unequivocally refuted any concerns regarding a potential data breach within the country’s Integrated Personnel and Payroll Information System (IPPIS). In a statement issued by Bawa Mokwa, the Director of Press and Public Relations at the OAGF, the office provided reassurance to Nigerian civil servants that their personal data is secure and that the integrity of the system remains intact.
The apprehensions about the vulnerability of data surfaced following media reports that claimed the payroll validation segment of the IPPIS website had been compromised, which subsequently led to the suspension of certain OAGF staff members. These reports raised the specter of employee information being susceptible to hacker intrusions due to an expired security certificate on the website, potentially exposing workers to risks such as phishing attacks and unauthorized salary deductions.
Contrary to these allegations, the OAGF has stated emphatically that no sensitive data is housed on the website in question and that the operations of the IPPIS are conducted on a distinct and secure platform. The OAGF, which oversees the IPPIS among other financial management systems, clarified that the IPPIS website functions purely as a conduit for disseminating information and is not involved in the processing of payroll or the storage of personal data.
“The website serves as a channel for information dissemination. No payroll processing or payment is conducted through the website; hence, it does not hold any data,” the OAGF statement highlighted. The OAGF further emphasized that the IPPIS is fortified by a robust ICT security policy that is in line with international cybersecurity standards, safeguarding digital assets from unauthorized access and potential data breaches.
According to the OAGF, the payroll validation process was supported by a secure platform and database provided by HELIX-FONS, and upon the completion of this process, the portal in question was permanently decommissioned. This assurance comes against the backdrop of growing concerns about the security and efficiency of government IT systems in Nigeria, particularly with respect to the safeguarding of personnel and citizen information nationwide.
For instance, in June 2024, a digital rights organization accused AnyVerify of illicitly selling sensitive Nigerian data, including National Identity Numbers (NIN), online for a nominal fee. Shortly thereafter, the National Identity Management Commission (NIMC) identified and flagged five websites for allegedly acquiring Nigerians’ data without authorization.
Given the critical function of the IPPIS in facilitating the timely disbursement of salaries, any suggestion of data breaches or system malfunctions understandably triggers alarm among government employees. Nevertheless, the federal government has counseled civil servants to utilize official channels to address any operational concerns or discrepancies related to salary payments.
