January 31,2023

Guaranty Trust Bank (GTBank) is under investigation for allegations of breaching customers’ data weeks after the United Kingdom authorities fined the firm for money laundering failure.

All the branches under GTBank are being probed by the Nigeria Data Protection Bureau (NDPB) for alleged involvement in the unlawful disclosure of banking records to a third party.

It was also disclosed that GTBank, led by Managing Director, Miriam Olusanya, allegedly conducted unlawful access and processing of personal data

This was disclosed in a statement by NDPB’s Head, Legal Enforcement and Regulations, Babatunde Bamigboye, as reported by NAN on Monday.

Also, the data protection bureau will investigate Zenith Bank and branches under the financial institution for similar allegations of breaching customers’ data.

Although the timeframe of the probe wasn’t mentioned, the statement said the data protection bureau will also investigate all third parties involved in the data processing activities.

Why is this important?

Data breaches often lead to customers losing millions to fraudulent activities or hacking conducted by workers of an organisation or third party with access to account holders’ information or data.

Ripples Nigeria had reported that GTBank suffered 15,024 suspected fraudulent cases in 2021, involving N1.2 million belonging to customers. However, within six months of 2022, customers lost more, as N1.4 million was stolen from their accounts

Furthermore, prior to the disclosure of GTBank and Zenith Bank’s alleged involvement in data breach, several shark loans or digital lending apps had been shut down by the National Information Technology Development Agency (NITDA) for breaching the personal data of Nigerians.

Loan apps like Soko Loan, GoCash, Okash, EasyCredit, amongst others were accused of processing data of customers and blackmailing their users for failure to repay debt.

NPDB concerned about data protection failure among banks

In the statement released by NDPB, the National Commissioner of the bureau, Vincent Olatunji, stated, “The bureau notes with concern that many data privacy and protection regulations and best practices are hardly implemented down to the organisational strata of major data controllers in Nigeria.

“Similarly, the bureau enjoins organisations to heed the federal government circulars and general compliance notice directing them to send the names of their data protection officers/contacts to the bureau.

“There are reports by the Nigeria Inter-Bank Settlement System (NIBSS) which indicated that within nine months of 2020, fraudsters attempted 46,126 attacks and they were successful with 41,979 occasions representing 91 per cent of the time.

“This level of vulnerability to a data breach is unacceptable,” Olatunji said