Somalia E-Visa Data Breach Sparks International Alarm and Airspace Dispute

Primary Source: BBC News – “US warns thousands of people’s data exposed”

Widespread Data Compromise

The U.S. Embassy in Mogadishu has issued a stark warning following a significant cybersecurity incident, revealing that personal data belonging to at least 35,000 individuals may have been exposed by hackers who infiltrated the Somali government’s electronic visa system. According to the embassy’s official statement, the breach is considered “ongoing,” posing a continuous risk to anyone submitting information to the platform.

The compromised data is reported to be a treasure trove for malicious actors, including names, photographs, dates of birth, marital status, home addresses, and email contacts. This level of detail creates a high risk of identity theft and targeted phishing campaigns against applicants, who include U.S. citizens and other international travelers.

Diplomatic Warnings and Government Silence

The alert from the U.S. has been echoed by the United Kingdom, which is now advising travelers to “consider the risks” before applying for the e-visa, a mandatory requirement for entry into Somalia. This coordinated international response underscores the severity with which Western nations are treating the breach.

Despite these public warnings, Somali authorities have yet to officially acknowledge or comment on the incident. However, an observable shift in government activity suggests internal recognition of a problem. The visa application service has been quietly migrated from the domain evisa.gov.so to a new portal, etas.gov.so, without any public explanation for the change.

Data Security Fuels Pre-Existing Political Tensions

The data breach has poured fuel on the long-smoldering political dispute between the Federal Government of Somalia and the breakaway region of Somaliland. Officials in Hargeisa, the capital of Somaliland, have seized upon the security failure to bolster their argument for autonomy.

Somaliland’s Foreign Minister, Abdirahman Dahir Aadan, explicitly cited safety concerns, stating that the Somali e-visa system was not secure and warning that “people’s data can fall into the hands of extremist groups.” He reiterated that anyone traveling to Somaliland would obtain a visa on arrival, directly contradicting Mogadishu’s centralized system.

Airspace Control Becomes the Battleground

The disagreement has escalated beyond diplomacy into a tangible conflict over the control of Somali airspace. Somaliland’s President, Abdirahman Irro, has ordered that airlines must obtain clearance from Hargeisa before entering what it claims as its airspace, a directive that its Civil Aviation Minister says came into effect in November.

This has created a chaotic situation for airlines and travelers. Major international carriers, adhering to international norms and the authority of the recognized Somali government in Mogadishu, are refusing to board passengers without the official Somali e-visa. This has left some travelers bound for Somaliland stranded at airports.

The Somalia Civil Aviation Authority (SCAA) has responded forcefully, asserting its “sole administrative and legal control” over the entire Mogadishu Flight Information Region. It has ordered all aircraft to ignore instructions from any authority other than itself, warning of potential safety risks and “serious legal consequences” for non-compliance.

Broader Implications for Travel and Sovereignty

This incident highlights a critical challenge at the intersection of cybersecurity, international travel, and contested sovereignty. For global travelers, the breach is a sobering reminder of the sensitive data shared with foreign government systems and the potential fallout when those systems are compromised.

Politically, the event provides Somaliland with a powerful tool to challenge Mogadishu’s authority and present itself as a more stable and secure alternative. The public airspace dispute, complete with footage of Somaliland air traffic controllers directing pilots, is a symbolic assertion of its long-standing claim to independence. The data breach has not just exposed personal information; it has exposed the fragile and contentious nature of state control in the Horn of Africa.

Individuals who have applied for a Somali e-visa are advised to remain vigilant for suspicious communications and consider measures to protect against identity fraud.