ASF France Demands Accountability After Major CAC Data Breach Exposes Entrepreneurs
Avocats Sans Frontières France, the Nigerian branch of the international legal rights organization Lawyers Without Borders, has issued a strong statement expressing deep concerns regarding the recent large-scale data breach at the Corporate Affairs Commission. The incident, which has been attributed to the threat actor known as "ByteToBreach," resulted in the compromise of a significant volume of highly sensitive data belonging to Nigerian entrepreneurs.
Compromised Data and Legal Implications
Reports confirm that the breached information includes handwritten signatures, national identity documents, and passport photographs. Reacting to this alarming development, Country Director Angela Uwandu Uzoma-Iwuchukwu emphasized that this incident represents far more than a mere technical failure. She stated that it poses a serious challenge to the constitutional Right to Privacy guaranteed under Section 37 of the 1999 Constitution of Nigeria. Furthermore, it violates the statutory obligations established by the Nigeria Data Protection Act of 2023.
According to Uzoma-Iwuchukwu, the current approach adopted by the CAC in its public communication regarding the crisis is particularly concerning. While the commission has acknowledged the unauthorized access, ASF France has highlighted several critical areas requiring urgent improvement. These include the need for comprehensive disclosure, greater clarity in communication, and the establishment of proper victim notification protocols to inform affected individuals promptly and transparently.
Calls for Immediate Action and Systemic Reforms
To restore trust in Nigeria's burgeoning digital economy, ASF France has made several concrete recommendations. The organization has called for an immediate, independent third-party audit of the CAC's entire cybersecurity infrastructure. The findings of this audit must be presented to the National Assembly to ensure parliamentary oversight and accountability.
Additionally, ASF France has urged the Nigeria Data Protection Commission to exercise its full mandate by conducting a thorough investigation into the breach. The rights group insists that appropriate sanctions must be applied to ensure that state agencies adhere to the same stringent data protection standards required of private entities under the law.
Long-Term Solutions and Risk Mitigation
Looking beyond immediate accountability, ASF France has proposed several systemic reforms for the CAC. The commission should accelerate its transition toward secure digital signatures to replace vulnerable physical documents. Furthermore, it should significantly reduce the collection and storage of high-risk physical biometric data, which presents a persistent security threat.
The organization also recommends exploring the establishment of insurance or indemnity frameworks. Such measures would help protect citizens against the long-term risks of identity fraud and financial loss that may result from this significant data compromise. The breach underscores the critical need for robust data governance and proactive cybersecurity measures within Nigeria's public institutions.
