Jun 7, 2026

OAGF Leaves Open Treasury Portal Exposed for 11 Months in Major Security Lapse

By Afolabi Olaiya Idowu in business

👁️ loading views...

Abuja, Nigeria — The Office of the Accountant-General of the Federation (OAGF) has allowed the SSL certificate on its flagship Open Treasury Portal to expire for nearly a year, leaving the government transparency platform vulnerable to cyber risks and violating Nigeria’s data protection regulations.

The certificate for opentreasury.gov.ng expired on July 8, 2025 — exactly one year after activation — and remains unrenewed as of June 7, 2026, according to the latest verification by the Foundation for Investigative Journalism (FIJ).

Visitors to the site now encounter browser security warnings, indicating that data exchanged with the portal is not properly encrypted.

Critical Tool for Fiscal Transparency at Risk

Launched to promote openness in public finance, the Open Treasury Portal provides citizens, journalists, and oversight bodies with near real-time access to federal government revenues, expenditures, contract details, and payments of ₦10 million and above under the Government Integrated Financial Management Information System (GIFMIS).

Without a valid SSL certificate, users risk exposure to man-in-the-middle attacks, data interception, and eavesdropping — particularly concerning for a platform handling sensitive financial information.

Repeated Warnings Ignored

This is not the first time the lapse has been highlighted. FIJ first reported the issue in December 2025 (after five months), followed by further alerts at nine months in April 2026. Despite the minimal cost of renewal — typically between $25 and $40 per year — and clear legal obligations under the Nigeria Data Protection Act (NDPA) 2023 and NITDA guidelines for government websites, the OAGF has failed to act.

The breach directly contravenes requirements for appropriate technical measures to protect personal and sensitive data processed on public platforms.

Leadership Under Scrutiny

Dr. Shamseldeen Babatunde Ogunjimi, the Accountant-General of the Federation, oversees the OAGF.

Appointed in an acting capacity in late 2024 and confirmed substantive in March 2025, he brings extensive experience in financial reforms and auditing.

The prolonged technical failure has raised questions about basic IT maintenance in a key federal institution.

Calls for Immediate Action

FIJ, an independent investigative outfit dedicated to accountability, has urged the OAGF, the Ministry of Finance, and the Nigeria Data Protection Commission to renew the certificate without further delay, conduct a comprehensive security audit, and put preventive measures in place.

“Citizens deserve secure access to tools meant to enhance transparency, not additional risks when exercising their right to know,” FIJ stated in its latest report.

This incident adds to concerns about the cybersecurity posture of critical government digital infrastructure in Nigeria, even as the country pushes for greater digital transformation and participation in global open government initiatives.

As of Sunday, June 7, 2026, the portal continues to operate without a valid SSL certificate, underscoring what critics describe as unacceptable negligence in safeguarding public trust.