The cyberattack targeting Senegal’s Public Treasury underscores a growing concern for Dakar. Within just six months, three key government departments have fallen victim to breaches, thrusting the issue of cybersecurity into the spotlight of Senegal’s digital sovereignty debate. This latest incident coincides with the state’s accelerated push toward digitalizing public services, inadvertently expanding the attack surface for malicious actors. The frequency of these intrusions raises serious questions about the resilience of the security measures in place across critical national infrastructure.
The breach at the Directorate-General of the Treasury and Public Accounting follows two earlier high-profile attacks. In October, the tax and land registry portal was compromised, while January saw an intrusion into the national identity card production system—a service that directly impacts citizens on a daily basis. This troubling pattern reveals a disturbing trend: taxes, civil registration, and public finances—core pillars of the administrative machinery—are now under siege.
Digital transformation outpaces security safeguards
Like many African nations modernizing their administrations, Senegal has rolled out numerous digital initiatives without always pairing them with equally robust security frameworks. While digital transformation promises greater efficiency and transparency, it demands substantial parallel investments in data protection, continuous monitoring, and staff training. The gap between the speed of digital adoption and the pace of defense reinforcement has become a critical vulnerability exploited by cybercriminals.
Attackers typically pursue three objectives: ransomware extortion, theft of sensitive data for resale, or symbolic destabilization of state institutions. In the case of the Public Treasury—home to the nation’s financial flows—the stakes are far higher than mere service disruption. A prolonged breach could disrupt public expenditure chains, undermine local government account tracking, or even jeopardize domestic debt management. Authorities have yet to disclose the exact nature of the intrusion or the potential scale of data exfiltration.
Africa’s rising appeal for cybercriminals
Senegal is far from alone in facing this menace. Over the past two years, multiple African countries with ambitious e-government programs have weathered large-scale cyber offensives. The surge in internet connectivity, the widespread adoption of mobile payments, and the gradual migration of public records to cloud platforms have created an environment ripe for exploitation by cybercriminals—whether operating from within the continent or abroad. The cost-benefit ratio remains highly favorable for attackers: potential ransoms are substantial, while the likelihood of cross-border prosecution remains slim.
Despite Dakar’s institutional framework—including the Personal Data Protection Commission (CDP) and initiatives led by the State Computing Agency (ADIE)—gaps persist. Operational coordination between departments, incident response capabilities, and internal cybersecurity awareness among public servants remain works in progress. The escalating frequency of attacks could hasten the adoption of a stricter national strategy, incorporating regular audits, simulated drills, and stricter breach notification mandates.
Political fallout and future safeguards
The government now faces a political imperative. Public trust in digitized public services hinges on the assurance that tax, biometric, and financial data are secure. Three breaches in half a year erode this confidence and undermine arguments for advancing major digital projects. Pressure is also mounting on private contractors selected by the state, where cost considerations sometimes overshadow the robustness of the solutions offered.
Beyond Senegal’s borders, these successive attacks highlight a hard truth: African digital sovereignty isn’t just about hosting data locally or developing national applications. It requires real capacity to detect, contain, and neutralize increasingly sophisticated intrusions.
