Nigeria’s data protection regulator has opened a fresh investigation into a possible cyber incident. The move has drawn attention to two major players in the financial space.
The Nigeria Data Protection Commission confirmed it is probing Remita Payment Services Ltd. and Sterling Bank over an alleged data breach.
The commission disclosed that a formal notice was issued on April 1, 2026. The action follows growing concerns about a potential exposure of sensitive data belonging to Nigerians.
In a statement signed by Babatunde Bamigboye, the agency outlined its next steps. “In line with the Commission’s procedure, Notice of Investigation was duly served on the 1st of April, 2026. Relevant parties and individuals have been providing information for the purpose of addressing the incident.”
The regulator added that the focus is clear. “The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures.”
NDPC: Alleged breach details raise concern
The NDPC investigation comes after a wave of online alerts. These claims suggest that a large volume of data may have been compromised.
Reports linked the incident to a threat actor known as “ByteToBreach”. The claims gained traction after posts from cyber intelligence platforms.
One alert suggested that data tied to Remita may have been leaked. The report pointed to about 3 terabytes of information from cloud storage. This allegedly included over 800GB of KYC documents such as identity cards, passports, and bank statements.
Another claim focused on Sterling Bank. It alleged that data linked to about 900,000 customers and over 3,000 employees had been exposed. The details reportedly included BVN records, transaction histories, and credit data.
While these claims remain unverified, they have raised serious questions about data security across the sector.
Wider risks for Nigeria’s digital finance space
The situation may extend beyond the two firms under investigation. Some reports suggest that other organisations could also be affected.
Names mentioned in circulating claims include Zenith Bank, Oyo State Government, Leadway Assurance, GetBumpa, and Ahmadu Bello University.
At the same time, Nigeria’s shift towards digital banking continues to grow. This makes data protection even more critical.
Under the Nigeria Data Protection Act 2023, organisations must safeguard user data. Failure to comply could attract penalties of up to N10 million or 2% of annual revenue.
For now, the NDPC investigation will determine the facts. However, the outcome could shape how trust is built in Nigeria’s fast-growing digital finance ecosystem.