The Senegalese public treasury has fallen victim to a recent cyberattack, underscoring growing concerns in Dakar about digital security vulnerabilities. Over the past six months, three key government institutions have been compromised, thrusting cybersecurity into the spotlight as a critical pillar of Senegal’s digital sovereignty. This latest breach coincides with the state’s accelerated push to digitize public services, inadvertently expanding the attack surface for malicious actors. The frequency of these intrusions raises serious questions about the resilience of existing protection measures on sensitive government infrastructure.

The breach targeting the Direction générale du Trésor et de la comptabilité publique follows two earlier high-profile incidents. In October, hackers struck the tax and land registry portal, while in January, the national identity card production system was infiltrated, disrupting a service deeply embedded in citizens’ daily lives. This troubling pattern—affecting taxation, civil registration, and public finance—exposes the very core of Senegal’s administrative machinery to relentless cyber threats.

Digital transformation outpaces security safeguards

Like many African nations racing to modernize their administrations, Senegal has launched numerous digital initiatives without always pairing them with proportionate security frameworks. While digitizing public services promises greater efficiency and transparency, it demands substantial investments in data protection, continuous monitoring, and staff training. The widening gap between digital adoption and cyber defense remains the Achilles’ heel exploited by cybercriminal networks.

Attackers typically pursue one of three objectives: financial extortion via ransomware, theft of sensitive data for resale, or symbolic destabilization of state institutions. In the treasury’s case, the stakes are especially high, as it manages the nation’s financial flows. A prolonged breach could disrupt public spending, local government accounting, or domestic debt management. Authorities have yet to disclose the exact nature of the intrusion or the volume of potentially stolen data.

Africa’s digital landscape faces escalating cyber risks

Senegal is far from alone in this struggle. Across Africa, countries pursuing ambitious e-government programs have faced large-scale cyber offensives in recent years. The surge in internet connectivity, the rise of mobile payments, and the migration of public records to cloud platforms have created a fertile environment for cybercriminals, whether operating locally or from abroad. The cost-benefit ratio remains heavily skewed in favor of attackers: potential ransom payouts are lucrative, while cross-border legal repercussions remain minimal.

Dakar has established institutional frameworks, including the Commission de protection des données personnelles (CDP) and the Agence de l’informatique de l’État (ADIE), yet operational coordination, incident response capabilities, and public-sector cybersecurity awareness lag behind. The mounting attacks may push the government to adopt a stricter national strategy, incorporating regular audits, simulated attack exercises, and mandatory breach notification protocols.

Policy response under scrutiny

The breach poses not just technical but political challenges for the government. Public trust in digitized services hinges on the assurance that tax, biometric, and financial data remain secure. Three major incidents in six months erode that trust and weaken the case for expanding digital projects. Pressure is also mounting on state contractors, whose selection often prioritizes cost over the robustness of their solutions.

Beyond Senegal, these successive attacks highlight a stark reality: African digital sovereignty transcends mere data localization or homegrown app development. True sovereignty demands real-time detection, containment, and neutralization of increasingly sophisticated cyber threats.