BREAKING: Nigeria’s Data Protection Agency Investigates Remita, Sterling Bank Over Suspected Data Leak
Story: Written by Zara April 7,2026
Nigeria’s data privacy regulator, the Nigeria Data Protection Commission, has opened a formal investigation into an alleged breach involving Remita Payment Services Ltd. and Sterling Bank.
The probe, initiated on April 1, 2026, aims to uncover whether the personal and financial details of millions of Nigerians may have been exposed through vulnerabilities within the country’s digital payment infrastructure.
In an official statement, the Commission confirmed that a “Notice of Investigation” has been issued to the affected organisations. Authorities are currently questioning key individuals and stakeholders to determine the full extent, nature, and potential impact of the suspected breach.
According to the NDPC, the investigation will examine the categories of data involved, the scale of the incident, possible risks to citizens, and any corrective measures already implemented. The regulator emphasized that safeguarding Nigerians’ data remains its top priority, in line with legal requirements.
The National Commissioner and CEO of the NDPC, Vincent Olatunji, has also ordered an expansion of the investigation to include other organisations operating within Nigeria’s digital payment ecosystem.
Under the Nigeria Data Protection Act (2023), companies are required to deploy robust technical and organisational safeguards to protect user information. The Commission warned that any entity found in violation of these standards would face strict legal consequences as part of efforts to strengthen trust in the financial technology space.
The investigation follows alarming claims by a dark web actor known as “ByteToBreach,” who alleged responsibility for hacking into both platforms. The hacker claimed to have accessed sensitive customer and employee data, including banking details, identification records, transaction histories, and internal company information.
While these claims are yet to be independently verified, the development has raised serious concerns about cybersecurity risks within Nigeria’s rapidly growing digital finance sector.
Both Remita and Sterling Bank play critical roles in Nigeria’s financial system, handling large volumes of transactions for government agencies, businesses, and individuals.
