The Nigeria Data Protection Commission (NDPC) has launched an investigation into a suspected data breach involving Remita Payment Services Ltd., Sterling Bank, and other entities. Reports on dark web forums claim that threat actors accessed and exposed sensitive customer and institutional data, raising concerns for Nigeria’s digital payment ecosystem.
The probe, which began with a Notice of Investigation on April 1, 2026, seeks to determine the scope of the incident, the types of personal data affected, and potential risks to data subjects. The NDPC is also reviewing the technical safeguards and mitigation measures in place.
Dr. Vincent Olatunji, NDPC CEO, emphasized a broader review of organisations using digital payment systems to ensure compliance with the Nigeria Data Protection Act, 2023, warning that entities without adequate data protection measures will be scrutinized.
