NDPC Investigates Remita and Sterling Bank Over Alleged Data Breach
The Nigeria Data Protection Commission (NDPC) has initiated a formal investigation into a suspected data breach involving Remita Payment Services Limited and Sterling Bank, among other entities. This move comes as growing concerns emerge regarding the security of personal data within Nigeria's financial sector, highlighting potential vulnerabilities in digital payment systems.
Details of the Investigation
In a statement released on Sunday and signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, the commission confirmed that notices of investigation were issued to the affected organisations on April 1, 2026. According to the statement, the primary objective of this probe is to ensure that data subjects are adequately protected through appropriate technical and organisational measures. The NDPC emphasized that the inquiry will thoroughly examine the nature and scope of the alleged breach, the specific categories of personal data involved, potential risks to individuals, and any mitigation steps taken if infractions are confirmed.
Broader Regulatory Review
Vincent Olatunji, the National Commissioner and Chief Executive Officer of the NDPC, has directed a comprehensive review of organisations that deploy digital payment systems without sufficient safeguards. This broader assessment aims to enforce strict compliance with the Nigeria Data Protection Act, 2023, signaling a tougher stance on data protection violations. The commission's action reflects an ongoing effort to bolster cybersecurity measures across the financial ecosystem, as threats to data integrity continue to escalate.
Context of Cybersecurity Concerns
The investigation follows recent reports of cybersecurity incidents that have heightened anxiety within Nigeria's financial sector. Allegations surfaced that a cybercriminal claimed to have breached Sterling Bank's systems, potentially exposing data linked to hundreds of thousands of customers. Although these claims have not been officially verified, they have prompted increased scrutiny. Similarly, breach claims involving Remita, a widely used government payment platform, have added to the sector's vulnerabilities, driving the NDPC to take proactive enforcement steps.
Enforcement History and Implications
This latest probe aligns with the NDPC's recent enforcement initiatives, which have included significant penalties for data protection violations. In 2024, the commission imposed a fine of N555.8 million on Fidelity Bank, marking one of the largest penalties under the current regulatory framework. The investigation into Remita and Sterling Bank underscores the commission's commitment to holding organisations accountable and ensuring robust data security practices are in place to protect Nigerian consumers.
