Nigeria's Election Data at Risk as Hackers Target Government and Banks
A sophisticated wave of ransomware attacks has posed a severe threat to Nigerian government agencies and top-tier financial institutions over the past three weeks, exposing deep-seated systemic weaknesses in the nation's rapidly digitising economy. Reports from the National Information Technology Development Agency (NITDA) and the Corporate Affairs Commission (CAC) confirm that coordinated and sophisticated threat actors have successfully breached critical infrastructure, leading to service outages and the suspected theft of sensitive citizen data.
Breach Details and Immediate Actions
In response to the severity of the breach, the CAC temporarily suspended its companies' registration portal, while the Nigeria Data Protection Commission (NDPC) has launched an investigation into the attacks. The threat actor, identified as ByteToBreach, unleashed a ransomware attack on the CAC, allegedly exfiltrating approximately 25 million documents totaling about 750GB. This includes sensitive corporate intelligence, ownership structures, and identity data, with over 15 million documents of substantial value.
ByteToBreach, a prolific threat actor active since at least June 2025, specialises in exploiting Internet-facing systems to steal, sell, and publish sensitive databases. The attack stages documented by the actor range from initial access to full data exfiltration, highlighting systemic failures in data asset management. This breach is part of a broader pattern, following recent attacks on the Remita payment platform and Sterling Bank, where misconfigured cloud storage and human errors were exploited.
Concerns for Election Security and National Sovereignty
The vulnerabilities in Nigeria's cybersecurity landscape have shifted from opportunistic fraud to high-stakes institutional extortion, raising serious concerns as the country prepares for the 2027 general elections. Experts warn that the Independent National Electoral Commission (INEC) could become a target, with systems like IReV and BVAS at risk of ransomware, DDoS attacks, or data theft. An ICT expert from the Elders Forum emphasised that both physical and digital election security must be addressed urgently to prevent erosion of public trust.
Cybersecurity expert Allen Aliogwo explained that the CAC breach exposes beneficial ownership structures, undermining efforts to combat money laundering and shell companies. He stated that this breach represents a failure of digital stewardship and poses existential risks for businesses, as fraudsters now have a 'master key' to corporate data. The geopolitical implications are significant, with rival nations potentially mapping critical infrastructure vulnerabilities.
International Context and Systemic Failures
The current wave of attacks is not isolated to Nigeria. Recently, hackers released data stolen from Standard Bank of South Africa and its insurer, Liberty, exposing client records and raising concerns over digital defences. ByteToBreach has also claimed responsibility for attacks on Sweden's e-government infrastructure, indicating its capability as a global threat operator targeting state institutions.
In Nigeria, the NDPC has issued an advisory urging data controllers and processors to enhance technical measures, such as appointing certified Data Protection Officers and implementing zero-trust security architectures. However, experts like Emeka Orjiani criticise the archaic cybersecurity architecture, calling for hiring the right people and training staff to secure national sovereignty. Jide Awe, an innovation policy advisor, emphasised the need for a 'security-by-design' culture to address the imbalance between rapid digitisation and inadequate security frameworks.
Economic Impact and Future Recommendations
According to Deloitte's "Nigeria Cyber Security Outlook 2026" report, the economic impact of cybercrime has been substantial, with Nigeria losing over $3 billion between 2019 and 2025, and annual losses estimated at around $500 million. The report recommends measures like human-AI collaboration for threat detection, zero-trust architectures, and basic cybersecurity hygiene to build resilience without expensive solutions.
The NDPC's investigation into the CAC breach and other incidents highlights the urgent need for systemic improvements. As Nigeria faces escalating cyber threats, stakeholders stress that cybersecurity must be treated as a leadership priority, with transparency and accountability to maintain public confidence and protect critical infrastructure ahead of the 2027 elections.
