Nigeria’s Corporate Affairs Commission: Nigeria’s CAC hit by cyberattack, raising fears for business data security

Nigeria’s Corporate Affairs Commission (CAC) Hit by Cyberattack

On April 15, Nigeria’s Corporate Affairs Commission (CAC) confirmed a cyberattack on its systems, prompting an immediate investigation with support from the National Information Technology Development Agency (NITDA). The CAC, led by Registrar-General Hussaini Ishaq Magaji, manages the country’s primary portal for company registrations, filings, and corporate compliance.

The breach was detected after unauthorized access to parts of the CAC’s information systems. While response protocols were activated, officials advised users to update login credentials and monitor their records as a precaution. The incident raises concerns about potential disruptions to business registrations and compliance processes, which could affect thousands of companies from startups to multinationals relying on the CAC’s digital services.

Nigeria’s push for digital transformation has outpaced cybersecurity measures, leaving government databases vulnerable to attacks. Security experts warn that a breach of sensitive corporate data could enable fraud, identity theft, or corporate espionage. NITDA, led by Director-General Kashifu Inuwa Abdullahi, is assisting the CAC’s response and has previously emphasized the need for stronger national cyber defenses.

The attack comes at a critical time, as the CAC’s online services play a key role in Nigeria’s ease-of-doing-business reforms. While the agency has pledged to protect the corporate registry’s integrity, businesses are closely monitoring developments to assess potential data exposure and service disruptions. The incident underscores broader concerns about Nigeria’s digital infrastructure resilience.

Source: https://businessday.ng/technology/article/nigerias-cac-hit-by-cyberattack-raising-fears-for-business-data-security/

Corporate Affairs Commission cybersecurity rating report: https://www.rankiteo.com/company/corporate-affairs-commission

"id": "COR1776328192",
"linkid": "corporate-affairs-commission",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Thousands of companies from '
                                              'startups to multinationals',
                        'industry': 'Government/Regulatory',
                        'location': 'Nigeria',
                        'name': 'Corporate Affairs Commission (CAC)',
                        'type': 'Government Agency'}],
 'customer_advisories': 'Users advised to update login credentials and monitor '
                        'their records',
 'data_breach': {'personally_identifiable_information': 'Potential',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Corporate data, potentially '
                                             'sensitive'},
 'date_detected': '2024-04-15',
 'date_publicly_disclosed': '2024-04-15',
 'description': 'On April 15, Nigeria’s Corporate Affairs Commission (CAC) '
                'confirmed a cyberattack on its systems, prompting an '
                'immediate investigation with support from the National '
                'Information Technology Development Agency (NITDA). The breach '
                'was detected after unauthorized access to parts of the CAC’s '
                'information systems. The incident raises concerns about '
                'potential disruptions to business registrations and '
                'compliance processes, which could affect thousands of '
                'companies relying on the CAC’s digital services. Nigeria’s '
                'push for digital transformation has outpaced cybersecurity '
                'measures, leaving government databases vulnerable to attacks. '
                'Security experts warn that a breach of sensitive corporate '
                'data could enable fraud, identity theft, or corporate '
                'espionage.',
 'impact': {'data_compromised': 'Sensitive corporate data',
            'identity_theft_risk': 'Yes',
            'operational_impact': 'Potential disruptions to business '
                                  'registrations and compliance processes',
            'systems_affected': 'CAC’s information systems'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Nigeria’s digital transformation has outpaced '
                    'cybersecurity measures, leaving government databases '
                    'vulnerable to attacks.',
 'post_incident_analysis': {'root_causes': 'Insufficient cybersecurity '
                                           'measures relative to digital '
                                           'transformation pace'},
 'recommendations': 'Stronger national cyber defenses, enhanced monitoring, '
                    'and proactive security measures for government agencies.',
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Advised users to update login '
                                        'credentials and monitor their records',
              'incident_response_plan_activated': 'Yes',
              'third_party_assistance': 'National Information Technology '
                                        'Development Agency (NITDA)'},
 'title': 'Nigeria’s Corporate Affairs Commission (CAC) Hit by Cyberattack',
 'type': 'Cyberattack'}