Investigation targets scope of breach, risks to users, and compliance with Nigeria’s data protection law….
The Nigeria Data Protection Commission (NDPC) has opened an investigation into an alleged data breach involving Remita Payment Services Ltd, Sterling Bank Plc, and other entities.
The move follows claims published by Bytetobreach, which listed several companies it alleged had been compromised in a recent hacking incident.
In a statement issued on Sunday and signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the commission, the NDPC confirmed that a formal probe is already underway.
According to the agency, the investigation will examine:
- The type of personal data potentially exposed
- The nature and scale of the breach
- The risks posed to affected individuals
- The response and mitigation measures taken by the organisations involved
The commission revealed that a Notice of Investigation was served on April 1, 2026, with affected parties already cooperating by providing relevant information.
Wider Scrutiny Across the Ecosystem
Beyond the immediate case, the NDPC signaled a broader crackdown on organisations that fail to meet required data protection standards.
The agency, led by National Commissioner Vincent Olatunji, warned that companies using digital payment systems without adequate safeguards will face scrutiny under the Nigeria Data Protection Act 2023.
Officials say the goal is to ensure that businesses implement the technical and organisational measures necessary to protect user data and maintain trust in Nigeria’s growing digital economy.
Rising Focus on Data Privacy
The development highlights increasing regulatory attention on data protection in Nigeria, especially as digital payments and online services expand rapidly.
In a related case last year, the NDPC indicated it would move to resolve a major data privacy dispute involving Meta Platforms after the Federal Competition and Consumer Protection Commission imposed a $220 million fine over alleged violations.
What This Means
If the alleged breach is confirmed, affected companies could face:
- Regulatory penalties
- Mandatory corrective measures
- Increased oversight from authorities
For users, the investigation could determine whether sensitive personal or financial data was exposed and what protections will follow.
As the probe unfolds, the outcome is likely to set an important precedent for how data breaches are handled in Nigeria’s financial and digital services sectors.
