The recent cyberattack on Senegal’s public treasury has intensified concerns about cybersecurity in Dakar. Within just six months, three key government institutions have fallen victim to breaches, thrusting the issue of digital sovereignty into national discussions. This incident coincides with the state’s accelerated push toward service digitalization, which inadvertently expands the attack surface for malicious actors. The recurring nature of these intrusions, happening in rapid succession, raises serious questions about the resilience of security measures protecting critical infrastructure.
The attack on the Directorate General of Treasury and Public Accounting follows two major incidents earlier this year. In October, the tax authority’s online portal was targeted, while in January, the national ID card production system faced a breach that disrupted a service central to daily citizen interactions. Together, these events paint a troubling picture: taxation, civil registration, and public finances—core pillars of the administrative apparatus—are under siege.
Digital progress outpaces security measures
Like many African nations modernizing their public sectors, Senegal has rapidly expanded digital services without always aligning these advancements with equally robust security frameworks. While digitization promises efficiency and transparency, it demands substantial investments in data protection, real-time monitoring, and staff training. The gap between digital transformation and security upgrades has created a vulnerability exploited by cybercriminals, who increasingly target state institutions.
Attackers typically pursue three primary objectives: ransomware extortion, theft of sensitive data for resale, or symbolic disruption of government functions. In the case of the treasury, which manages the nation’s financial flows, the stakes are particularly high. A prolonged breach could disrupt public expenditure chains, municipal account tracking, or even domestic debt management. Authorities have not yet disclosed the attack’s specifics or the volume of potentially stolen data.
Africa’s growing appeal for cybercriminals
Senegal is not alone in facing this threat. Across the continent, nations pursuing ambitious e-government initiatives have faced large-scale cyber offensives in recent years. The proliferation of internet connectivity, mobile payments, and cloud-based public records has made African systems an attractive target for criminals, whether operating locally or abroad. The cost-benefit ratio remains skewed in favor of attackers: potential ransoms are lucrative, while cross-border legal consequences remain minimal.
Dakar boasts institutional frameworks, including the Personal Data Protection Commission (CDP) and the State Computing Agency (ADIE), yet operational coordination between agencies, incident response capabilities, and cybersecurity awareness among public servants remain underdeveloped. The surge in attacks may push for a stricter national strategy, incorporating regular audits, simulated breach exercises, and mandatory incident reporting.
What political response is expected
The government now faces a credibility challenge. Public trust in digital public services hinges on assurances that tax, biometric, and financial data are secure. Three breaches in six months erode this trust and undermine arguments for advancing major digital projects. Pressure is also mounting on private contractors working with the state, as cost often outweighs security rigor in their selection process.
Beyond Senegal, these cascading attacks highlight that African digital sovereignty extends beyond data localization or homegrown applications. It requires genuine capacity to detect, contain, and neutralize increasingly sophisticated intrusions.
