Abuja, Nigeria – Nigeria’s data protection regulator has launched an investigation into Remita Payment Services Ltd. and Sterling Bank following reports of a potential large-scale data breach that may have exposed sensitive personal and financial information of Nigerians.
Okay News reports that the Nigeria Data Protection Commission confirmed that a formal Notice of Investigation was served on April 1, 2026. The probe comes after growing concerns over a suspected cyber incident involving both entities, with the aim of determining the extent of the alleged breach and ensuring affected data subjects are adequately protected.
The investigation covers the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and mitigation measures carried out when a breach is confirmed. The NDPC’s action follows a series of cyber threat alerts circulating online, including claims by a threat actor identified as ByteToBreach.
A post by cyber intelligence account Dark Web Informer alleged that a massive dataset linked to Remita had been leaked on a cybercrime forum, involving about 3 terabytes of data from cloud storage, including over 800GB of KYC documents. Another alert claimed that ByteToBreach had breached Sterling Bank’s systems, exposing data tied to approximately 900,000 customer accounts.
Reports suggest the alleged breach may extend beyond the two entities, with claims that data linked to organizations such as Zenith Bank, Oyo State Government, Leadway Assurance, and others may have been exposed.
Under the Nigeria Data Protection Act 2023, organisations are required to implement strong safeguards to protect user data. If investigations show compliance gaps, affected organisations could face penalties of up to N10 million or 2 percent of their annual gross revenue. This data breach investigation highlights growing concerns over cybersecurity in Nigeria’s financial sector.
