Senegal is reeling from yet another cyberattack, this time striking at the very heart of its financial administration. The Directorate General of Taxes and Domains (DGID) has been compromised in a major breach reportedly carried out by the extortion group BlackShrantac.
According to SeneNews, the attackers published sensitive samples on their leak site, including tax reports, treasury records, HR documents with passports and ID numbers, and internal network information. The scope and sensitivity of the stolen data pose serious risks to citizens, businesses, and the state itself.
Unlike traditional ransomware attacks, BlackShrantac employs a “double extortion” model: not only exfiltrating massive amounts of data but also threatening to leak it gradually unless a ransom is paid. Even if systems are restored, the stolen information remains a permanent threat through resale, exposure, or blackmail. The incident marks one of the most severe blows yet to Senegal’s digital infrastructure, with implications for fiscal confidentiality, national security, and citizen trust.
Experts warn that the problem extends far beyond technology: it is structural. In many state institutions, leadership roles in IT and cybersecurity are filled by officials without technical backgrounds. As a result, information systems remain weak, policies are inconsistent or non-existent, and cyber awareness among public servants is dangerously low. Without reform, incidents like this will likely continue.
The attack also highlights a broader governance gap. While Senegal is advancing in areas such as digital identity and centralized data systems, these projects are being deployed without adequate investment in training and awareness (training.saintynet.com) for staff or strong national cybersecurity governance. At a time when the human factor is the first line of defense, neglecting cyber education leaves the state exposed.
10 Urgent Actions for the DGID and the State:
- Contain and Isolate Systems: Segment compromised networks and cut off unnecessary external access.
- Activate a Crisis Cell: Establish a 24/7 incident management team covering technical, legal, and communication needs.
- Engage Professional Incident Response Teams: Conduct forensic investigations to assess the scope of exfiltration.
- Preserve Evidence: Secure logs, disk images, and network traces before altering systems.
- Reset and Secure Access: Revoke compromised accounts, enforce strong passwords, and enable multi-factor authentication.
- Monitor Outbound Traffic: Detect and block suspicious exfiltration attempts.
- Notify Authorities: Engage the national CERT/CSIRT and regulatory bodies promptly.
- Communicate Transparently: Issue public statements explaining the breach and response measures.
- Support Victims: Provide identity protection services for employees and taxpayers at risk.
- Strengthen Long-Term Defenses: Conduct a full security audit, deploy a national SOC, and invest in large-scale cybersecurity awareness and training.
Wider Implications:
This breach is not just about stolen data; it is about digital sovereignty. Experts argue that Senegal must urgently elevate cybersecurity to the level of national defense, much like France’s ANSSI or other African nations that have empowered independent cybersecurity agencies. Without a strong, centralized body capable of enforcing standards and holding institutions accountable, the state risks falling into a cycle of recurring cyber crises.
Conclusion:
The cyberattack on Senegal’s DGID is a wake-up call. Sensitive fiscal and personal data are now in the hands of criminals, and the credibility of state systems is under threat. What happens next depends on whether authorities choose quick fixes or long-term reform. Cybersecurity must become a national priority, embedded in governance, backed by strong institutions, and supported through training, awareness, and investment. Otherwise, as experts warn, the next breach may shake not just a ministry, but the entire state.