Mogadishu: The United States Embassy in Mogadishu has warned that the personal data of more than 35,000 travelers may have been exposed after unidentified hackers allegedly breached Somalia’s electronic visa system. The incident raises urgent concerns about digital security amid an escalating political dispute over immigration authority, airspace control, and financial transparency.
In a security alert issued Thursday, the embassy said it received credible reports on November 11 indicating that Somalia’s e-visa platform had been compromised. The breach potentially leaked applicants’ names, photographs, birth details, email addresses, marital status, and home addresses. While the embassy stated it is “unable to confirm whether an individual’s data is part of the breach,” it urged all applicants for a Somali e-visa to assume they may be affected.
By Friday, the federal government had not issued a public response, even as the breach threatens to undermine confidence in a system that has been at the center of one of the most contentious political confrontations in recent years.
Somalia introduced its mandatory e-visa system on September 1, 2025, describing it as a cornerstone of immigration modernization, security screening, and revenue transparency. The platform requires all foreign travelers to apply online before entry.
However, regional governments immediately rejected the system. Somaliland insisted that only visas issued by its own immigration authority are valid in its territory, while Puntland declared the federal e-visa “illegal,” maintaining that regional administrations control airports and borders.
This rejection has caused widespread travel disruptions. A BBC Somali journalist traveling from Nairobi to Bosaso was forced to buy a second visa after Puntland officials refused to recognize her federally issued e-visa. Other travelers reported being stranded at foreign airports or charged additional entry fees upon arrival in Somaliland or Puntland.
The Somali Civil Aviation Authority (SCAA) escalated the situation by instructing carriers, including Flydubai and Ethiopian Airlines, to deny boarding to passengers traveling to Hargeisa without a federal e-visa, warning that airlines risked fines or suspension for noncompliance. This move left several Somaliland-bound passengers stranded in Dubai and other transit hubs.
In response, Somaliland asserted full control of its airspace. Aviation Minister Fu’aad Ahmed Nuuh stated that roughly 90 aircraft cross Somaliland airspace daily and that operators refusing to comply were told to reroute. He indicated Somaliland had already taken “two steps” and planned further measures depending on developments.
Senior Somaliland officials have framed the federal directives as political aggression. Foreign Minister Abdirahman Dahir Aden told diplomats that Mogadishu’s policies were intended to “destroy Somaliland,” while the Minister of the Presidency, Khadar Hussein Abdi, described the confrontation as “a direct war between Somaliland and Mogadishu.”
Cybersecurity analysts say the alleged breach raises serious questions about the e-visa platform’s resilience and whether adequate safeguards were implemented during its rollout. Many warn that the exposed data could be used for identity theft, digital impersonation, phishing campaigns, and targeted scams against Somali diaspora communities and foreign nationals.
The U.S. Embassy advised applicants to monitor updates from the Somali Immigration and Citizenship Agency (SICA), review Federal Trade Commission resources on responding to breaches, and enroll in the Smart Traveler Enrollment Program (STEP) to receive alerts. U.S. citizens were directed to contact consular services in Nairobi for assistance.
Launched to strengthen Somalia’s border management, streamline travel, reduce corruption, and support the country’s integration into the East African Community, the e-visa initiative has instead exposed deep constitutional disputes, triggered aviation standoffs, and fueled political rhetoric across Somali regions.
The reported breach adds a new layer of uncertainty. If confirmed, it would mark one of the largest data exposures in Somalia’s recent history and could force the federal government to reassess both the system’s security architecture and its broader strategy for centralizing travel administration.
