Data breach concerns began to ripple through Nigeria’s digital space in late March 2026.
Reports circulated online, and they raised questions while drawing the attention of regulators and the public alike.
In response, the Nigeria Data Protection Commission (NDPC) acted swiftly.
Investigation Begins On Data Breach
What began as speculation soon became a formal investigation into Remita Payment Services Ltd. and Sterling Bank.
On April 1, 2026, the NDPC served a Notice of Investigation on both organisations.
This action marked the start of a detailed review into the allegations.
Scope Of The Probe
Head of Legal, Enforcement and Regulations at the NDPC, Babatunde Bamigboye, stated that the Commission prioritised determining what happened and protecting users’ data.
Additionally, the Commission confirmed that it was working with the affected parties to gather information.
Furthermore, the regulator is examining key details, including the nature and scale of the alleged breach.
It is also assessing the potential risks to data subjects and reviewing the steps taken to reduce harm.
Read Also: FTN Cocoa Extends Loss Streak To 10 Years In 2025
Meanwhile, cybersecurity claims have intensified interest in the case.
A threat actor known as “ByteToBreach” reportedly claimed responsibility for the incidents.
In addition, reports suggested that large volumes of data may have been exposed.
One claim linked Remita data to a cybercrime forum, while another suggested that Sterling Bank’s systems may have been compromised.
Wilder Implications
Although authorities have not verified these claims, they have raised wider concerns.
They highlight the growing risks within Nigeria’s expanding digital ecosystem.
Moreover, more Nigerians now depend on digital banking and online services.
Therefore, data protection has become essential for maintaining trust and confidence.
If a breach of this scale is confirmed, it could weaken public confidence.
It may also raise concerns about how securely organisations manage personal information.
Under the Nigeria Data Protection Act 2023, organisations must implement strong safeguards to protect personal data.
Otherwise, regulators may impose penalties of up to ₦10 million or a share of revenue.
In recent actions, the NDPC has strengthened enforcement across more than 1,300 organisations.
It also requires organisations to conduct audits and appoint Data Protection Officers.
Finally, the investigation continues as authorities seek clarity. Its outcome may shape trust in Nigeria’s digital future.
