by Chibuike Nkwede
The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Remita Payment Services Limited, Sterling Bank, and other entities, following reports of a suspected cyberattack circulating on dark web forums.
The alleged breach, which has sparked fresh concerns over the safety of customer information and the resilience of Nigeria’s digital payment infrastructure, reportedly involves claims by threat actors that sensitive customer and institutional data linked to the platforms had been accessed and exposed.
In a statement issued on Sunday, the commission said the investigation was initiated after intelligence emerged from dark web channels suggesting a possible compromise of critical data systems.
According to the statement, signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, the probe formally commenced with the issuance of a Notice of Investigation on April 1, 2026.
The NDPC said the inquiry is aimed at determining the full scope of the alleged incident, identifying the categories of personal data that may have been affected, and assessing the level of risk posed to data subjects.
The commission disclosed that relevant organisations and individuals are already cooperating with investigators by providing information to support the ongoing inquiry and help address the situation.
It added that the investigation would also examine the technical and organisational safeguards put in place by the affected entities, as well as the mitigation measures activated in the event that the breach is confirmed.
“The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures,” the commission stated.
It further noted that the probe covers, among other areas, the nature and extent of the alleged breach, the specific types of personal data involved, the risks to affected individuals, and the response mechanisms adopted by the organisations under scrutiny.
National Commissioner and Chief Executive Officer of the NDPC, Dr Vincent Olatunji, has also directed a broader compliance review of organisations operating digital payment systems across the country to ensure adherence to the provisions of the Nigeria Data Protection Act, 2023.
He warned that entities found to be operating without adequate data protection frameworks would face closer regulatory scrutiny as part of efforts to preserve trust and strengthen the integrity of Nigeria’s digital ecosystem.
As of the time of filing this report, neither Sterling Bank nor Remita had issued an official statement in response to the allegations.
The latest development comes months after the NDPC launched a separate investigation into global e-commerce platform Temu in February over alleged violations of Nigeria’s data protection law.