Femi Ashekun/
The Nigeria Data Protection Commission has commenced an investigation into an alleged data breach involving Remita Payment Services Ltd and Sterling Bank, raising fresh concerns about data security within Nigeria’s fast-growing digital payments ecosystem.
In a press release dated April 5, 2026, the Commission confirmed that it is “carrying out an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities,” adding that a formal Notice of Investigation had already been served on April 1, 2026.
According to the statement, “relevant parties and individuals have been providing information for the purpose of addressing the incident,” signalling that the probe is already underway with cooperation from affected stakeholders.
The NDPC said the investigation is aimed at ensuring that “data subjects are protected with appropriate technical and organisational measures,” in line with its regulatory mandate.
It added that the scope of the probe includes “the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects and the mitigation measures carried out where a breach is confirmed.”
The Commission’s National Commissioner and Chief Executive Officer, Vincent Olatunji, has also directed a broader compliance review across organisations operating digital payment systems.
The statement warned that firms failing to implement adequate safeguards as required under the Nigeria Data Protection Act 2023 will face scrutiny.
It stated that “organisations that employ digital payment systems without putting in place appropriate technical and organisational measures as mandated under the Nigeria Data Protection Act, 2023, will also be examined as part of a wider effort to ensure the integrity of the ecosystem.”
The development comes amid growing public anxiety over data protection and financial security, particularly as Nigeria continues to deepen its reliance on electronic payment platforms for government collections, banking transactions and private sector services.
Remita, operated by SystemSpecs, is widely used for processing payments for federal government agencies and corporate institutions, while Sterling Bank is one of Nigeria’s established commercial banks with a strong footprint in digital banking.
Any confirmed breach involving such platforms could have significant implications for millions of users and institutional clients.
Nigeria’s data protection framework has evolved in recent years, culminating in the enactment of the Nigeria Data Protection Act, 2023, which established the NDPC as the primary regulator.
The law mandates data controllers and processors to adopt robust security measures, report breaches where necessary and ensure accountability in the handling of personal data.
Industry analysts say the current investigation will test the enforcement strength of the NDPC and could set a precedent for how data breaches involving major financial service providers are handled in Nigeria.
As of the time of filing this report, neither Remita nor Sterling Bank had issued a detailed public response to the NDPC’s announcement.
0Related posts:
New York Fashionista Killed Self by Design – Police
UTME 2017: Candidates Endorse Remita
Alleged Remita Breach: Hackers Claim Leak of Massive Data Trove from Nigerian Payment Platform
Police Nab Suspected Kidnappers who Killed Varsity Don and a Nigerian Dream
Debt Recovery: Sterling Bank Defeats Stella Oduah …Court Orders Assets Seized, $16.4M, N100.5M Involved
Revealed: The Articles that Got Jamal Khashoggi Killed