The Nigeria Data Protection Commission (NDPC) has launched an investigation into a suspected data breach linked to Remita Payment Services Ltd., Sterling Bank and other unnamed institutions.
The development was disclosed on Monday by the Head of Legal, Enforcement and Regulations at the commission, Babatunde Bamigboye, who confirmed that formal notices of investigation were issued to the affected organisations on April 1 in line with regulatory procedures.
Bamigboye explained that the institutions and relevant individuals involved have begun cooperating with the commission by submitting information to support the inquiry and help determine the extent of the incident.
According to him, the probe will assess critical aspects of the alleged breach, including the category of personal data exposed, the scope and nature of the incident, potential risks to affected individuals, and the adequacy of response measures taken by the organisations.
He emphasised that the NDPC’s primary objective is to ensure that data subjects are properly safeguarded through effective technical and organisational protections, as required by law.
Also speaking on the matter, the National Commissioner of the NDPC, Vincent Olatunji, warned that companies operating digital payment platforms without robust data protection frameworks would face regulatory scrutiny.
Olatunji noted that compliance with the Nigeria Data Protection Act 2023 is mandatory, adding that the ongoing investigation forms part of broader efforts to strengthen trust, accountability, and security within Nigeria’s digital ecosystem.
The commission assured the public that further updates would be provided as investigations progress.
