The security certificate of the State House’s website (www.statehouse.gov.ng) expired about two weeks ago, but the government has failed to renew it.

FIJ noticed on April 23 that the website’s security certificate had expired, as an error message popped up when our reporter visited. The message read:

“Your connection is not private. Attackers might be trying to steal your information from statehouse.gov.ng (for example, passwords, messages or credit cards).”

READ ALSO: SPOTTED: Nigeria Police Website for Reporting Cybercrime Is Unsafe

Website users feel more comfortable when they are sure that they are visiting a genuine and secure site. As an official information channel of the Nigerian government and perhaps the country, many local and foreign journalists, researchers and even citizens rely on the website to obtain relevant data and some other content.

The State House, which is the country’s seat of power, maintains the website as an official medium of communication, providing information relating to policies and programmes, including the president’s local and foreign trips.

READ ALSO: Senate Questions State House, 577 MDAs Over N969bn Budgetary Allocation

On April 18, 2024, the security feature expired, and today marks the twelveth day since the website has been insecure.

The domain address, which was registered on December 25, 2008, is in good shape. But the expiration of its transport layer security (TLS), according to Sucuri, a website scanner, has exposed it to a medium security risk.

TLS helps to ensure security of data exchanges and communication between the different layers and points of a website. Once it expires, attackers can easily decrypt the data on the website, making users vulnerable through their personal information that can be stolen through the medium.

Public institutions in Nigeria have an unenviable record of showcasing a lukewarm attitude to digital information management. On April 14, FIJ reported how the portal designated by the Nigeria Police Force for reporting cybercrime was insecure.

READ ALSO: After FIJ’s Story, Namecheap Suspends Private Website Selling Nigerians’ NIN, Other Data

FIJ also recently investigated how XpressVerify, a dodgy website, was having access to and selling millions of Nigerians’ personally identifiable information stored in the National Identity Database under the control of the Nigerian Identity Management Commission (NIMC).

All of this happened despite the guidelines approved for government offices by the National Information Technology Development Agency (NITDA) on safe and secure web management practices.