Senegal: The public treasury, hackers’ third target in six months

Senegal has this week been hit by a third cyberattack targeting a public institution in less than six months, highlighting growing concerns over the country’s cybersecurity resilience as it accelerates its digital transformation. After the tax authority’s website was targeted in October, and the national identity card issuing department in January, the Treasury Department has now been affected by a new cyber incident.

The repeated attacks underscore the vulnerability of Senegal’s public digital infrastructure, as the country—like many others in Africa undergoing rapid digitalisation—becomes an increasingly attractive target for hackers.

Treasury system disrupted

On Monday, May 11, 2026, the Senegalese Ministry of Finance and Budget described the situation as a simple “incident” affecting the Treasury’s IT system since Sunday. However, three days later, the disruption had still not been resolved, partially paralysing customs operations and delaying certain salary advances linked to preparations for the upcoming Tabaski holiday.

Cyberattack claim and stolen data

Cybersecurity experts, however, say there is no doubt the disruption is the result of a coordinated cyberattack. A newly emerging hacker group, active since February, has claimed responsibility for the breach, alleging it has accessed 70 gigabytes of sensitive data.

The group reportedly stated that Senegal is the sixth country it has targeted, with previous attacks including operations against China and Hong Kong. Security specialists warn that Senegal should expect further attempts, given its growing digital infrastructure and recent emergence as an oil-producing nation.

Calls for stronger cybersecurity framework

Experts argue that the incident highlights the urgent need for Senegal to strengthen its cybersecurity defenses and modernise its legal framework.

“Greater state involvement is needed, along with rapid reform of the legal arsenal,” said cybersecurity specialist Gérard Joseph Francisco Dacosta.

He noted that the country’s personal data protection law dates back to 2008, while Senegal still lacks a dedicated cybersecurity law, leaving its digital systems exposed to increasingly sophisticated threats.