Nigeria Data Protection Commission (NDPC) has opened an investigation into an alleged data breach involving Remita Payment Services Limited, Sterling Bank and other entities, as concerns mount over the safety of personal data within Nigeria’s financial ecosystem.
The probe, announced in a statement signed on Sunday by the Head of Legal, Enforcement and Regulations at the commission, Babatunde Bamigboye, follows reports of a possible compromise affecting sensitive customer information.
According to the statement, notices of investigation were issued to the organisations on April 1, 2026, with affected parties already responding to enquiries.
“The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures,” the commission said.
It added that the inquiry would examine the nature and scope of the alleged breach, the categories of personal data involved, potential risks to individuals, and any mitigation steps taken where infractions are established.
The National Commissioner and Chief Executive Officer of NDPC, Vincent Olatunji, has also directed a broader review of organisations deploying digital payment systems without adequate safeguards, warning that compliance with the Nigeria Data Protection Act, 2023, would be strictly enforced.
The development comes amid heightened anxiety over cybersecurity threats in Nigeria’s financial sector.
Recent reports indicate that a cybercriminal claimed to have breached the systems of Sterling Bank, allegedly exposing data linked to hundreds of thousands of customers, although the claim has not been officially confirmed.
Around the same period, similar breach claims were made involving Remita, one of Nigeria’s widely used government payment platforms, prompting increased scrutiny across the sector.
The latest probe is consistent with NDPC’s recent enforcement drive. In 2024, the commission imposed a N555.8 million fine on Fidelity Bank over data protection violations; one of the largest penalties issued under the current regulatory regime.
