Data Breach Government · Senegal · February 2026

Directorate of File Automation (DAF), Senegal

Analysis of the claimed Senegal government biometric database breach by Green Blood Group with 139TB of identity data.

Records Affected

Unknown (139TB claimed)

Attack Type

Data Breach

Location

Senegal

Data types exposed

Biometric data national identity records civil registration data

What Happened

In February 2026, the Green Blood Group claimed to have breached the Senegalese Directorate of File Automation (DAF), claiming 139TB of data including biometric and identity records.
DAF acknowledged the incident and temporarily halted services. If confirmed, this represents a critical breach of a national biometric and identity database.

Timeline

  • February 2026 — Green Blood Group claims breach of Senegalese DAF with 139TB of biometric and identity data
  • February 2026 — DAF acknowledges incident and temporarily halts services

Threat Actor Profile

Green Blood Group is a threat actor that has targeted government institutions, though limited public information is available about their broader operations and affiliations.

Impact and Risk Assessment

For Individuals

If confirmed, Senegalese citizens may have had their biometric data, national identity records, and civil registration data exposed.
Biometric data such as fingerprints and facial recognition data cannot be changed or reissued, creating permanent identity security compromise.

For Organisations

The Senegalese government faces the challenge of restoring trust in its national identity infrastructure.
International organisations operating in Senegal that rely on national ID verification may need to implement additional identity safeguards.

Regulatory Context

Senegal's Law No. 2008-12 on the Protection of Personal Data and the Commission de Protection des Donnees Personnelles (CDP) oversee data protection in the country.
International cooperation may be needed given the scale and sensitivity of the claimed breach.

What Should You Do?

For Individuals

  • Senegalese citizens should monitor for unusual activity involving their national identity documents and be alert to identity fraud.

For Security Professionals

  • Government biometric databases require the highest levels of physical and logical security, including air-gapped backup systems and continuous monitoring.
  • Developing nations' digital identity systems face significant cybersecurity challenges that require international cooperation and investment.

Learnings and Recommendations

Government biometric databases represent national-level identity infrastructure. Their compromise has implications that extend far beyond typical data breaches and cannot be remediated by issuing new credentials.
Developing nations' digital identity systems face significant cybersecurity challenges that require international cooperation and investment.
This advisory summarises a publicly reported cybersecurity incident for educational purposes. Information is sourced from publicly available reports and may include claims that are unverified or disputed. Inclusion does not imply fault or negligence by the affected organisation.
Back to all advisories