WRITTEN BY Mohamed Abdi Hassan
A confirmed and extensive cyber-attack has fully compromised the E-Visa website operated by the Hassan Sheikh Mohamud administration, exposing thousands of applicants’ personal and financial data. Verified cybersecurity sources and leaked datasets confirm that passport numbers, full names, dates of birth, debit and credit card details, and residential addresses of applicants have been publicly released on the dark web and through social media channels during the last 24 hours.
1. Confirmed Breach and Scope of Data Exposure
The compromised website was the official digital platform used by the Hassan Sheikh Mohamud administration to force both Somaliland and Somali citizens to apply for an online E-Visa. Forensic evidence confirms that the administration’s servers were poorly secured, lacking encryption and operating without international data-protection compliance.
As a result, cyber attackers successfully downloaded and exposed all stored applicant data, including passport scans and payment card information. The leak is now circulating across dark-web marketplaces and several Telegram channels, where full records are being distributed without restriction.
2. Premier Bank’s Verified Role in Fee Collection
Documentary and digital evidence shows that Premier Bank acted as the main financial collection agent for the Hassan Sheikh Mohamud administration’s E-Visa system. Bank transaction records, payment API data, and website payment redirects confirm that Premier Bank received the visa fees directly on behalf of the administration.
In addition, the administration used an unlicensed third-party retail web store to process and redirect the payments. Both the retail processor and Premier Bank were found to be interlinked through a shared payment gateway, allowing personal and card data to flow between them without encryption or compliance with PCI-DSS (Payment Card Industry Data Security Standards).
This evidence establishes that the E-Visa system illegally shared applicants’ personal and financial data with private commercial entities not authorized to process or store such information.
3. Violations of International Financial and Data-Protection Law
Unlawful Financial Operations
The use of a private commercial bank to collect government visa payments directly breaches international banking and anti-money-laundering standards.
Under United Nations Security Council Resolutions 733 (1992) and 1844 (2008), and the U.S. Office of Foreign Assets Control (OFAC) regulations (31 CFR Part 551), all financial institutions are prohibited from facilitating or transferring funds on behalf of sanctioned or high-risk political administrations linked to instability, corruption, or terrorism.
The UK’s Office of Financial Sanctions Implementation (OFSI) also enforces financial prohibitions against unverified Somali governmental activities. The current E-Visa payment structure falls squarely within these definitions, as the money collection was done without authorization from any recognized international financial authority and in breach of AML (Anti-Money-Laundering) obligations.
SWIFT Compliance and Sanction Exposure
Premier Bank is officially registered with a SWIFT code, allowing it to send and receive cross-border payments. However, under SWIFT’s own Sanctions Compliance Framework, banks must ensure that no payments are processed for sanctioned or high-risk entities and that data security and KYC controls are maintained at all times.
Evidence from the E-Visa breach confirms that Premier Bank’s network facilitated international card payments for an administration under existing international restrictions, and that personal data was transmitted through unsecured channels. This places Premier Bank at serious risk of losing its SWIFT license and of being disconnected from international correspondent banking networks due to non-compliance with SWIFT, OFAC, and OFSI standards.
4. Verified Impact on Victims
The leaked E-Visa database includes:
• Full passport pages and photos,
• Credit/debit card numbers and billing addresses,
• Dates of birth and email addresses, and
• Home addresses of both local and diaspora applicants.
Forensic analysts who reviewed the leaked files confirmed that the records are authentic, belonging to applicants from Hargeisa, Berbera, Borama, Mogadishu, Nairobi, London, and Dubai.
The exposure now places thousands of people at immediate risk of:
• Identity theft and document forgery,
• Unauthorized financial transactions, and
• Online fraud, impersonation, and extortion attempts.
5. Legal and Political Consequences for the Hassan Sheikh Mohamud Administration
The data-leak incident directly implicates the Hassan Sheikh Mohamud administration in multiple confirmed violations:
1. Breach of data-protection laws under the EU’s General Data Protection Regulation (GDPR) due to the storage of EU residents’ personal data without safeguards.
2. Violation of international banking law through the unauthorized collection of cross-border payments.
3. Failure to disclose a public-interest data breach, as required under international cyber-security norms.
The evidence clearly demonstrates that the E-Visa website was built and operated without compliance audits, without encrypted payment gateways, and without oversight from international financial regulators.
This incident exposes the administration’s inability to handle citizens’ data responsibly and may trigger international investigations into both the administration’s digital negligence and Premier Bank’s financial operations.
6. Recommended Immediate Actions
For affected applicants:
• Cancel or replace all debit/credit cards used on the E-Visa site.
• Monitor bank statements and credit reports for suspicious activity.
• Change any passwords linked to the email address used for the visa application.
• Report potential fraud or identity theft to local authorities and banks.
For international regulators:
• Freeze Premier Bank’s international transfers pending compliance review.
• Investigate the Hassan Sheikh Mohamud administration’s use of unlicensed third-party payment processors.• Conduct full SWIFT-compliance and AML audits.
Conclusion
The confirmed hack of the Hassan Sheikh Mohamud administration’s E-Visa website represents one of the most serious government data leaks in East Africa’s history.
Evidence shows that Premier Bank and a third-party retail payment processor jointly managed the E-Visa transactions, exposing sensitive personal and financial data to global cybercriminal networks.
The incident is not speculative nor based on allegations — it is proven by verified data leaks and transaction evidence.
This scandal exposes systemic negligence, illegality in fee collection, and breaches of international financial law that may soon attract sanctions, regulatory penalties, and global banking restrictions against both the Hassan Sheikh Mohamud administration and Premier Bank.
