Malawi's Passport System Breached

For the past three weeks, Malawi has not been issuing passports for what officials said was "a technical glitch".

Now,the government of Malawi has taken the drastic step of suspending the issuance of passports following a cyber attack on the immigration service’s computer network. President Lazarus Chakwera informed Members of Parliament that the cyber attack constituted a grave national security breach, disclosing that the hackers are demanding a ransom.

President Chakwera acknowledged Malawians' unhappiness with the inability to obtain passports, but rejected Sulema's proposal for a cabinet reshuffle, citing a lack of comprehension of the situation. He said the hackers are demanding a ransom, but the Malawi government has no intention of paying as it refuses to "appease criminals" or negotiate "with those who attack our country... We are not in the business of appeasing criminals with public money, nor are we in the business of negotiating with those who attack our country," he said.

This is not the first time the country has had to suspend issuing passports, but this recent pause comes at a time when demand for passports is high, with many citizens migrating for employment opportunity reasons. Last year, the government paused giving out new documents after running out of passport booklets, with an official saying that the problem was being worsened by a shortage of foreign currency.

There have been issues since 2021 when the attorney-general's office terminated a passport contract with Techno Brain, which had been the supplier of Malawi’s passports since 2019, a company that had been offering the service, citing irregularities.

Demand for passports is high in Malawi with many young people looking to migrate in search of job opportunities.

President Chakwera said he had given the immigration department three weeks within which it should provide a temporary solution and resume the issuing of passports, while waiting to regain control of the system. He said a long-term solution with additional security safeguards would be developed. Mr Chakwera only revealed for the first time that the immigration system had been "hacked" without mentioning who the hackers were suspected to be.

No other details have been given about the cyber-attack including the possible implications in terms of personal data security.

Some frustrated Malawians have in the past faulted the government over the continued backlog of applications amid allegations of corruption. Righ now, anyone who does not have a passport or whose passport has expired cannot acquire a new one and therefore cannot travel.

Director general of the Department of Immigration and Citizenship Services, Charles Kalumo, acknowledged citizens' concerns, but was unable to propose a date for passport issuance to resume.

BBC     |     Dark Reading     |     IT Web Africa     |     VOA     |     The Herald     |     Lusaka Times

Image: David_Peterson

You Might Also Read: 

Buy A Dark Web Passport Scan For $15:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Wireless Security In Smart Homes Is Vulnerable
Cyber Security Governance Is A Leadership Responsibility »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Softtek

Softtek

Softtek provides comprehensive software Quality Assurance and Testing that identifies the correctness, completeness, and quality level of software products.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

Glasswall Solutions

Glasswall Solutions

Glasswall Solutions has developed a disruptive, innovative security technology which provides unique protection against document based cyber threats.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

Farsight Security

Farsight Security

Farsight Security provides the world’s largest real-time actionable threat intelligence on how the Internet is changing.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

evolutionQ

evolutionQ

evolutionQ delivers quantum-risk management strategies and robust cybersecurity tools designed to be safe in an era with quantum computing technologies.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

Reken

Reken

Reken are building a new type of AI platform and products to protect against generative AI threats.