The Commission emphasized that the investigation forms part of its mandate to enforce compliance with data protection regulations and strengthen trust in the country’s rapidly growing digital and financial services sector.
The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Remita Payment Services Ltd, Sterling Bank, and other related entities.
According to a press release dated April 5, 2026, the Commission confirmed that a Notice of Investigation was issued on April 1, 2026, in line with its regulatory procedures. Relevant parties and individuals have since begun providing information to support efforts to address the incident.
The NDPC stated that the investigation aims to ensure that data subjects are adequately protected through appropriate technical and organizational safeguards. The probe will assess the types of personal data involved, the nature and scope of the alleged breach, the risks posed to individuals, and the mitigation measures implemented where a breach is confirmed.
National Commissioner and CEO, Vincent Olatunji, also directed that organizations operating digital payment systems without adequate data protection measures, as required under the Nigeria Data Protection Act (2023), will be scrutinized as part of broader efforts to safeguard the integrity of Nigeria’s digital ecosystem.
The Commission emphasized that the investigation forms part of its mandate to enforce compliance with data protection regulations and strengthen trust in the country’s rapidly growing digital and financial services sector.
