NDPC Issues Urgent Cybersecurity Advisory as Hackers Target Financial Systems
NDPC Warns Organisations as Hackers Target Financial Systems

NDPC Issues Urgent Cybersecurity Advisory as Hackers Target Financial Systems

The Nigeria Data Protection Commission (NDPC) has released an urgent regulatory advisory following a technical assessment that uncovered coordinated cyber threats aimed at the nation's financial systems and critical digital infrastructure. In a statement signed by the Commission's Head of Legal, Enforcement, and Regulations, Babatunde Bamigboye, the NDPC cautioned that "shadowy threat actors" are actively working to compromise Nigeria's data security architecture.

President Tinubu's Directive on Data Protection

The advisory reminded public establishments of President Bola Tinubu's directive, which likens data to "the new oil." The President has mandated all Ministries, Extra-Ministerial Departments, and Agencies (MDAs) to rigorously safeguard information in strict accordance with the Nigeria Data Protection Act (NDPA) of 2023. This move underscores the government's commitment to enhancing national data security amidst growing digital threats.

Key Requirements for Data Controllers and Processors

To mitigate these escalating threats, the NDPC is directing all Data Controllers and Processors, including private firms and government agencies, to "urgently step up" their technical and organisational safeguards. The advisory outlines several critical requirements:

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list
  • Identity Controls: Deployment of Multi-Factor Authentication (MFA) and Zero-Trust architecture to prevent unauthorized access.
  • System Hardening: Immediate patching of vulnerabilities and continuous network segmentation to protect against breaches.
  • Compliance Measures: Appointment of certified Data Protection Officers (DPOs) and conducting Data Privacy Impact Assessments (DPIAs) to ensure regulatory adherence.
  • Infrastructure Security: Hardening of APIs, cloud systems, and databases, alongside regular penetration testing (VAPT) to identify and address weaknesses.

The Commission warned that "organisations that fail or neglect to implement appropriate measures as required under the Nigeria Data Protection Act, 2023 may incur legal liabilities," highlighting the serious consequences of non-compliance.

MTN Nigeria Suspends Xtratime Service

In a related development, MTN Nigeria has temporarily suspended its popular airtime and data credit service, Xtratime, as it aligns with new regulatory requirements governing digital lending issued by the Federal Competition and Consumer Protection Commission (FCCPC). The telecoms firm disclosed this development in a notice to the Nigerian Exchange (NGX), stating that the pause is part of efforts to comply with the Digital, Electronic, Online or Non-Traditional Consumer Lending Regulations, 2025.

The Xtratime service, widely used by subscribers to borrow airtime or data and repay on their next recharge, has become a fallback option for millions of users during periods of financial constraint. In the statement signed by the company secretary, Uto Ukpanah, MTN explained that the suspension was necessary to enable the company to implement processes required under the new regulatory framework, ensuring full compliance and protecting consumer interests.

This suspension reflects the broader regulatory environment in Nigeria, where authorities are tightening controls on digital services to enhance security and consumer protection. As cyber threats evolve, both public and private sectors must adapt swiftly to safeguard critical infrastructure and maintain trust in digital ecosystems.

Pickt after-article banner — collaborative shopping lists app with family illustration