Nigerian Police Force Website Exposes Sensitive Data After SSL Certificate Expires for 15 Days

Nigerian authorities have issued warnings regarding a critical cybersecurity flaw on the official website of the Nigerian Police Force, which has exposed sensitive user data to potential breaches. The site, npf.gov.ng, recently failed to renew its SSL/TLS certificate, a foundational element for securing online communications. The expiration left the platform vulnerable to cyber threats, including Man-in-the-Middle attacks, data interception, and phishing attempts [1].

The expired certificate undermines the encryption of data exchanged between users and the site, meaning any personal or sensitive information submitted during the affected period could have been accessed by malicious actors. This is particularly concerning for a government portal that handles official reports and user data [1].

Cybersecurity experts have criticized the Nigerian Police Force for its failure to adhere to standard certificate management protocols. The National Information Technology Development Agency (NITDA) has established clear guidelines for certificate renewal, yet the site’s certificate had been expired for over 15 days before any public action was reported [2]. The oversight not only violates cybersecurity norms but also weakens public confidence in the government’s ability to protect digital assets.

The implications extend beyond technical concerns. The breach raises broader questions about the reliability of official digital services in Nigeria. As citizens increasingly rely on online platforms for reporting crimes and accessing government services, lapses in security infrastructure create opportunities for exploitation. Cybercriminals can exploit the lack of encryption by creating fraudulent websites or emails to trick users into revealing personal details [1].

This incident is not an isolated occurrence. In recent months, similar security failures have been reported in other public institutions, signaling systemic issues in digital governance and oversight. While some attribute the lapses to limited technical capacity, the recurring nature of these incidents points to deeper governance challenges [2].

Despite the concerns raised, the Nigerian Police Force has not yet issued an official response or outlined steps to address the security lapse. Cybersecurity professionals have called for immediate action, including the reinstatement of secure encryption, a thorough audit of potential data exposure, and transparent communication with affected users. Without such measures, the incident could lead to long-term damage to public trust and digital privacy [2].

Source:

[1] Nigerian Police website's expired certificates expose ... (https://technext24.com/2025/08/05/nigeria-police-force-website-lapse/)

[2] ALERT: Nigerian Police Breach NITDA Guidelines As Website Security Certificate Expired 15 Days Ago (https://westafricaweekly.com/)