A rising tide of public anger has gripped the country following reports on social media alleging the exposure of sensitive eVisa data. The Immigration and Citizenship Agency has yet to release an official statement, but the evidence already visible paints a troubling picture. This was not an external cyber-attack. It was an internal collapse of basic data protection and responsible leadership.
What is known so far indicates that sensitive information was mishandled inside the agency’s own digital environment. Files appear to have been either left exposed or placed in locations without security safeguards. The most likely explanation is stark. The database had no RLS. Someone copied the entire database into a folder and left it unprotected and unencrypted. This is not a complex breach. This is a direct failure of the most fundamental data security practices.
There is no sign of outside interference. No unusual login attempts. No forced entry. No patterns of system disruption. External attackers rarely limit themselves to copying data. They often attempt deeper penetration, damage to infrastructure or tampering with service availability. None of these traces is present. Adding to the concern, the leaked materials circulating online are confined to a narrow time frame, with no dates from September, October or November. This absence raises serious questions about when the data was moved and who had the authority and opportunity to access it.
What has further deepened public frustration is the agency’s silence. Silence at a moment of crisis is not caution. Silence is a choice that signals a lack of transparency and a disregard for public trust. When an institution that handles national records remains quiet while sensitive information circulates online, it suggests that accountability is missing at every level of its leadership.
This incident demands firm consequences. National data was compromised because of internal negligence. This is not a minor administrative slip. It exposes weaknesses in oversight, technical management and leadership responsibility. The leadership of the Immigration and Citizenship Agency must pay the price for this failure. Without decisive action at the top, the public will see this as another institution that protects itself instead of the people it serves. Heads have to roll. Authority means responsibility, and responsibility must be enforced.
The country cannot continue with an agency where data is unsecured, internal controls are ignored, and silence replaces accountability. The integrity of personal information is central to any credible immigration system. Without a transparent response, public confidence will only continue to deteriorate.
The agency must now issue a clear public statement, take full responsibility and explain how this failure occurred. It must outline immediate steps to strengthen digital safeguards, enforce strict internal controls, and rebuild a culture of accountability so that such incidents cannot be repeated.
Trust cannot be restored through silence. It can only be regained through honesty, decisive leadership and meaningful reform. The public is watching and expects responsibility, clarity, and action.