The recent cyberattack on Senegal’s Public Treasury underscores a growing threat to Dakar’s digital infrastructure. Over the past six months, three key government agencies have fallen victim to breaches, raising serious concerns about the nation’s cybersecurity readiness. This incident coincides with the state’s rapid push toward digitalizing public services, which inadvertently expands the attack surface for malicious actors. The frequency of these intrusions raises doubts about the effectiveness of safeguards protecting critical systems.
The attack on the Directorate General of the Treasury and Public Accounting follows two prior high-profile incidents. In October, the General Directorate of Taxes and Land Registry was targeted, while in January, the national identity card production service suffered a breach, disrupting a system central to daily citizen interactions. This troubling pattern targets core administrative functions—taxation, civil registration, and public finances—highlighting vulnerabilities at the heart of Senegal’s governance.
Rapid digitization outpaces security measures
Like many African nations modernizing their administrations, Senegal has accelerated digital transformation projects without always pairing them with robust security frameworks. While digitizing public services promises efficiency and transparency, it demands equally significant investments in data protection, continuous monitoring, and staff training. The gap between digitalization speed and security upgrades creates a critical vulnerability exploited by cybercriminals.
Attackers typically pursue three primary objectives: ransomware extortion, theft of sensitive data for resale, or symbolic destabilization of state institutions. For the Public Treasury, which manages the nation’s financial flows, the stakes are particularly high. A prolonged breach could disrupt public expenditure chains, local government accounting, and domestic debt management. Authorities have yet to disclose the attack’s precise nature or the volume of potentially compromised data.
Africa’s growing appeal for cybercriminals
Senegal is not alone in facing this threat. Several African countries with ambitious e-government initiatives have suffered major cyber offensives in recent years. The surge in internet connectivity, the rise of mobile payments, and the migration of public records to cloud platforms have created an attractive landscape for cybercriminals, whether operating locally or abroad. The cost-benefit ratio favors attackers: potential ransom payments are substantial, while cross-border legal repercussions remain minimal.
Despite Dakar’s existing institutional frameworks, including the Personal Data Protection Commission (CDP) and the State IT Agency (ADIE), gaps persist. Operational coordination between agencies, incident response capabilities, and cybersecurity awareness among public servants remain works in progress. The escalating attacks may push authorities to adopt stricter national strategies, incorporating regular audits, simulated drills, and mandatory breach notifications.
Political fallout and future safeguards
The government faces a political imperative to restore public trust in digitalized services. Repeated breaches—three in six months—undermine confidence in the security of citizens’ tax, biometric, and financial data, jeopardizing the case for continued large-scale digital projects. Pressure may also mount on state contractors, whose selection sometimes prioritizes cost over the resilience of their solutions.
Beyond Senegal, these successive attacks highlight a broader truth: African digital sovereignty extends far beyond local data hosting or homegrown applications. It hinges on the ability to detect, contain, and neutralize increasingly sophisticated intrusions before they inflict lasting damage.
