The recent cyberattack targeting Senegal’s Public Treasury has intensified concerns about digital security in Dakar. Over the past six months, three key government departments have fallen victim to breaches, thrusting cybersecurity into the spotlight of national digital sovereignty debates. This incident coincides with the government’s accelerated push toward digitizing public services, which inevitably widens the attack surface for malicious actors. The frequency of these intrusions raises critical questions about the resilience of security measures protecting sensitive state infrastructure.
The breach at the Directorate General of Treasury and Public Accounting follows two previous high-profile incidents. In October, the tax authority’s online portal was compromised, and in January, the agency responsible for national ID production faced a similar attack, disrupting a system that directly impacts citizens’ daily lives. Together, these events paint a troubling picture: taxes, civil records, and public finances—core functions of the state—have all been targeted.
rapid digitization outpaces security infrastructure
Like many African nations modernizing their administrations, Senegal has prioritized digital transformation without always pairing these initiatives with equally robust security frameworks. While digitizing public services promises greater efficiency and transparency, it demands substantial investments in data protection, continuous monitoring, and staff training. The gap between the pace of digital adoption and the strengthening of defenses is precisely the vulnerability cybercriminals exploit. Attackers typically pursue three main objectives: extortion through ransomware, theft of sensitive data for resale, or symbolic disruption of state institutions.
In the case of the Treasury, which manages the nation’s financial flows, the stakes are particularly high. A prolonged breach could disrupt public expenditure chains, local government account tracking, or domestic debt management. Authorities have yet to disclose details about the attack’s nature or the volume of potentially stolen data.
africa emerges as prime target for cybercriminals
Senegal is not alone in facing this threat. Several African countries pursuing ambitious e-government initiatives have suffered major cyber offensives in recent years. The surge in internet connectivity, the rise of mobile payments, and the gradual migration of public records to the cloud have created a highly attractive environment for cybercriminals—whether they operate locally or abroad. For attackers, the cost-benefit ratio remains favorable: potential ransoms are significant, while the likelihood of cross-border prosecutions remains slim.
Dakar has established institutional frameworks, including the Personal Data Protection Commission (CDP) and initiatives led by the State IT Agency (ADIE), but gaps persist. Operational coordination between agencies, incident response capabilities, and cybersecurity awareness among public officials remain works in progress. The escalation of attacks may push authorities to adopt a stricter national strategy, incorporating regular audits, simulated attack drills, and stricter breach notification requirements.
government under pressure to strengthen cyber defenses
The stakes extend beyond technical concerns. Public trust in digitized services hinges on assurances that tax, biometric, and financial data are secure. Three major breaches in six months erode this confidence and undermine arguments for expanding digital projects. Pressure may also mount on private contractors handling state projects, where cost considerations sometimes overshadow the robustness of security solutions.
Beyond Senegal, these repeated attacks underscore a broader truth: African digital sovereignty is not just about hosting data locally or developing national applications. It requires genuine capacity to detect, contain, and neutralize increasingly sophisticated intrusions.