The Nigeria Police Force (NPF) official website and its state command subdomains are currently flagged as unsafe, due to an expired SSL/TLS security certificate that lapsed on July 4, 2025, and has now been expired for over 15 days. Visitors see a "Your connection is not private" warning, which blocks access and leaves submitted user data exposed.
This lapse means that any forms submitted on the site (such as reports for cyber crime) may not be encrypted, making them vulnerable to interception by hackers or phishing actors . Such security negligence also violates compliance guidelines from the National Information Technology Development Agency (NITDA) that mandate government sites maintain valid certificates to protect users.
Experts warn that even though traffic volume may be low, the breach significantly impacts public trust in official online services and raises broader questions about the cybersecurity readiness of government digital infrastructure. The breach is especially concerning given other recent government data leaks, and underscores the urgency for digital risk governance in Nigerian public agencies.
Authorities are urged to renew the certificate immediately, restore trust by performing security audits, and ensure future compliance with NITDA’s guidelines. With such easily preventable oversight, this incident serves as a warning that routine digital hygiene is essential to safeguarding citizen data online.