Nigeria’s data protection watchdog has commenced a formal probe into payment platform Remita and financial institution Sterling Bank following reports of a possible breach involving sensitive customer information.
In a statement issued by Babatunde Bamigboye, head of legal, enforcement and regulations at the Nigeria Data Protection Commission (NDPC), the regulator confirmed that both organisations were served official notices on April 1, 2026.
The inquiry seeks to establish whether personal and financial data belonging to Nigerians was compromised.
According to the Commission, the investigation will assess the categories of data potentially affected, the scale and nature of the incident, and the level of risk posed to individuals. It will also evaluate the adequacy of response measures taken if a breach is confirmed.
The development follows a surge of online alerts suggesting cyber intrusions linked to the two entities. A threat actor known as “ByteToBreach” has claimed responsibility for infiltrating systems associated with both organisations.
Reports circulating on cyber intelligence platforms allege that a substantial volume of data tied to Remita—running into terabytes—may have been leaked on underground forums.
The dataset is said to include Know Your Customer records such as identification documents, financial statements, and system backups.
Separately, reports regarding Sterling Bank suggest that data linked to hundreds of thousands of customers and thousands of staff records may have been exposed.
The alleged breach reportedly includes sensitive banking details, identity information, and transaction histories.
The NDPC noted that its priority is to ensure that organisations comply with required data protection standards, including the implementation of robust safeguards to secure personal information.
Under the Nigeria Data Protection Act 2023, companies found in violation risk significant penalties, including fines or corrective regulatory actions.
The probe comes at a critical time for Nigeria’s rapidly expanding digital finance ecosystem, where trust in data security remains central to user confidence.
The outcome of the investigation is expected to shape regulatory enforcement and reinforce accountability across the sector.
Share
