By 
NDPC Opens Investigation Into Alleged Data Breach
The Nigeria Data Protection Commission (NDPC) has commenced an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank, and other related entities.
RELATED: NDPC probes 1,369 Nigerian firms over data protection act violations
According to the Commission, a formal Notice of Investigation was issued on April 1, 2026, in line with established regulatory procedures. Affected organisations and relevant individuals are currently submitting information to enable the Commission assess the incident. It will then determine compliance with Nigeria’s data protection laws.
Scope of NDPC’s Investigation
The NDPC stated that its inquiry will examine several critical areas, including:
- The types of personal data allegedly compromised
- The nature, scale, and duration of the suspected breach
- Potential risks to affected data subjects
- Mitigation and remedial measures implemented, where a breach is confirmed
The investigation is aimed at establishing accountability and ensuring adequate protection of personal data within Nigeria’s rapidly expanding digital payments ecosystem.
NDPC Warns Digital Payment Operators on Compliance
The National Commissioner and Chief Executive Officer of NDPC, Dr. Vincent Olatunji, directed that organisations deploying digital payment systems without adequate technical and organisational safeguards, as required under the Nigeria Data Protection Act (NDPA) 2023, will also come under regulatory scrutiny.
The Commission stressed that ensuring ecosystem-wide compliance is essential to maintaining public trust in digital financial services.
Nigeria’s Data Breach Risk in Global Context
Recent global data breach analysis by Surfshark highlights Nigeria’s growing exposure to cyber risks. The report ranked Nigeria as the 34th most affected country globally in Q1 2025, recording approximately 119,000 breached accounts.
Global leaked accounts fell by 93%, from 973.7 million to 68.3 million during the same period. But countries such as the United States, Russia, India, Germany, and Spain recorded the highest breach volumes.
Nigeria Ranks Third in Sub-Saharan Africa for Data Breaches
Surfshark’s historical analysis of breaches since 2004 places Nigeria third in Sub-Saharan Africa, with 23.3 million compromised user accounts. The data shows:
- 7.3 million unique Nigerian email addresses breached
- 13 million passwords leaked alongside Nigerian accounts
- 56% of affected users at risk of account takeover, identity theft, extortion, and other cybercrimes
Statistically, one in every ten Nigerians has been impacted by a data breach. This underscores the urgency of stronger data protection enforcement.
NDPC Intensifies Sector-Wide Compliance Enforcement
The Commission has ramped up compliance monitoring through sector-wide probes involving 1,369 multinational and indigenous organisations accused of violating the NDPA 2023. These investigations span sensitive sectors such as banking, insurance, pensions, gaming, and insurance brokerage, with 795 financial institutions flagged.
Earlier in 2024, NDPC also investigated alleged data protection breaches involving MTN MoMo Payment Service Bank, Guaranty Trust Bank, Fidelity Bank, and Meta.
Protecting Data Subjects Remains Core Objective
According to a statement signed by Babatunde Bamigboye, NDPC’s Head of Legal, Enforcement and Regulations, the objective of the current investigation is to ensure that data subjects are protected through the deployment of appropriate technical and organisational safeguards.
The Commission reaffirmed its commitment to enforcing the Nigeria Data Protection Act and strengthening trust in Nigeria’s digital economy.
