NDPC Launches Investigation into Alleged Data Breach Involving Sterling Bank and Remita
The Nigeria Data Protection Commission (NDPC) has officially initiated a comprehensive investigation into an alleged data breach incident involving Remita Payment Services Ltd. and Sterling Bank, among other entities. This move underscores the Commission's commitment to enforcing data protection standards and safeguarding the personal information of Nigerian citizens in the digital age.
Formal Notice Served as Investigation Commences
In accordance with established procedural protocols, the NDPC served a formal Notice of Investigation on April 1, 2026, marking the official start of the inquiry. The Commission has confirmed that relevant parties and individuals are actively cooperating by providing necessary information to address the incident effectively. This collaborative approach is crucial for a thorough examination of the circumstances surrounding the alleged breach.
Scope and Objectives of the Probe
The investigation will meticulously cover several key areas to ensure a holistic assessment. These include the specific types of personal data involved, the nature and scope of the alleged breach, the potential risks posed to data subjects, and the mitigation measures implemented in cases where a breach is confirmed. The primary aim, as stated by the NDPC, is to verify that data subjects are protected with appropriate technical and organisational measures as mandated by law.
Statement from NDPC Leadership
In a statement released yesterday and signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, the Commission emphasized its dedication to upholding data integrity. The statement highlighted that the investigation is part of a broader effort to ensure compliance with the Nigeria Data Protection Act, 2023 (NDP Act), which sets stringent standards for data handling and security.
Wider Implications for Digital Payment Systems
Dr. Vincent Olatunji, the National Commissioner and CEO of the NDPC, has issued a directive extending the scope of the investigation. Organisations that utilise digital payment systems without implementing the required technical and organisational measures under the NDP Act will also be scrutinised. This proactive measure aims to reinforce the integrity of the entire digital payment ecosystem, preventing future breaches and enhancing public trust.
The NDPC's actions reflect a growing emphasis on cybersecurity and data protection in Nigeria's financial and technological sectors. As digital transactions become increasingly prevalent, ensuring robust data security measures is paramount to protecting consumers and maintaining the stability of the digital economy.
