The U.S. Embassy in Mogadishu has confirmed that unidentified hackers breached Somalia’s e-visa application system on November 11, 2025, compromising the personal data of approximately 35,000 individuals — including potentially thousands of U.S. citizens.
According to the Embassy’s public notice, leaked data from the cyberattack includes applicants’ names, photos, dates and places of birth, email addresses, marital status, and home addresses. The Embassy warned that individuals who have applied for a Somali e-visa may have been affected, though it remains unable to confirm the full extent of the breach.
This incident marks one of the most serious cybersecurity lapses in Somalia’s digital governance systems. Sources indicate that the Somali government has yet to issue an official statement acknowledging the attack or outlining mitigation measures.
The data breach has already had diplomatic repercussions. Several foreign diplomats were reportedly evacuated from Somalia following the exposure of sensitive personal information that later circulated on social media platforms. Cybersecurity experts suggest that the compromised systems remain unstable and have not yet fully recovered.
In its advisory, the U.S. Embassy urged all affected individuals to monitor communications from the Somali Immigration and Citizenship Agency and to consult the U.S. Federal Trade Commission’s data breach resources for guidance on identity protection.
The breach raises renewed concerns about the vulnerability of Somalia’s digital systems and the need for robust cybersecurity infrastructure to safeguard both domestic and international users.
The Somali government has not issued a formal response as of publication time, while diplomatic sources continue to assess the scale and implications of the breach.