Malawi's Passport System Breached

For the past three weeks, Malawi has not been issuing passports for what officials said was "a technical glitch".

Now,the government of Malawi has taken the drastic step of suspending the issuance of passports following a cyber attack on the immigration service’s computer network. President Lazarus Chakwera informed Members of Parliament that the cyber attack constituted a grave national security breach, disclosing that the hackers are demanding a ransom.

President Chakwera acknowledged Malawians' unhappiness with the inability to obtain passports, but rejected Sulema's proposal for a cabinet reshuffle, citing a lack of comprehension of the situation. He said the hackers are demanding a ransom, but the Malawi government has no intention of paying as it refuses to "appease criminals" or negotiate "with those who attack our country... We are not in the business of appeasing criminals with public money, nor are we in the business of negotiating with those who attack our country," he said.

This is not the first time the country has had to suspend issuing passports, but this recent pause comes at a time when demand for passports is high, with many citizens migrating for employment opportunity reasons. Last year, the government paused giving out new documents after running out of passport booklets, with an official saying that the problem was being worsened by a shortage of foreign currency.

There have been issues since 2021 when the attorney-general's office terminated a passport contract with Techno Brain, which had been the supplier of Malawi’s passports since 2019, a company that had been offering the service, citing irregularities.

Demand for passports is high in Malawi with many young people looking to migrate in search of job opportunities.

President Chakwera said he had given the immigration department three weeks within which it should provide a temporary solution and resume the issuing of passports, while waiting to regain control of the system. He said a long-term solution with additional security safeguards would be developed. Mr Chakwera only revealed for the first time that the immigration system had been "hacked" without mentioning who the hackers were suspected to be.

No other details have been given about the cyber-attack including the possible implications in terms of personal data security.

Some frustrated Malawians have in the past faulted the government over the continued backlog of applications amid allegations of corruption. Righ now, anyone who does not have a passport or whose passport has expired cannot acquire a new one and therefore cannot travel.

Director general of the Department of Immigration and Citizenship Services, Charles Kalumo, acknowledged citizens' concerns, but was unable to propose a date for passport issuance to resume.

BBC     |     Dark Reading     |     IT Web Africa     |     VOA     |     The Herald     |     Lusaka Times

Image: David_Peterson

You Might Also Read: 

Buy A Dark Web Passport Scan For $15:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Wireless Security In Smart Homes Is Vulnerable
Cyber Security Governance Is A Leadership Responsibility »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

SOSA

SOSA

SOSA facilitates new growth opportunities by connecting the dots between industry verticals and innovation ecosystems around the world.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

MainNerve

MainNerve

MainNerve helps secure networks, applications, people, and facilities… enabling businesses to reduce risk and increase their cybersecurity posture.

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Security Risk Advisors (SRA)

Security Risk Advisors (SRA)

Security Risk Advisors deliver cybersecurity services to leading companies in the Financial Services, Healthcare, Pharmaceuticals, Technology and Retail industries.

Saidot

Saidot

Saidot is a Finnish AI governance and alignment company committed to helping businesses safely and transparently integrate AI into their operations.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.