NDPC Launches Investigation into Alleged Data Breach Involving Remita, Sterling Bank
The Nigeria Data Protection Commission (NDPC) has initiated an investigation into a suspected data breach involving Remita Payment Services Ltd., Sterling Bank, and other entities, reflecting heightened regulatory oversight in Nigeria’s digital payments sector.
In a statement released on Sunday by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, the NDPC confirmed that a Notice of Investigation was served on the affected parties on April 1, 2026, as part of standard procedural protocols. The Commission has since begun collecting information from relevant organizations and individuals to support the inquiry.
The investigation aims to assess the scope of the breach, including the categories of personal data exposed, the nature and extent of the incident, potential risks to affected individuals, and any mitigation measures already implemented. The NDPC emphasized its commitment to ensuring data subjects are protected through robust technical and organizational safeguards.
The probe comes amid rising concerns over data privacy and security in Nigeria’s rapidly expanding fintech and banking industries, where vast amounts of personal and financial data are processed daily. Vincent Olatunji, National Commissioner and CEO of the NDPC, stated that the review would extend to organizations using digital payment platforms without full compliance with data protection requirements. These entities will be evaluated under the Nigeria Data Protection Act 2023, as part of broader efforts to enforce compliance and strengthen the country’s data protection framework.
Source: https://businessday.ng/news/article/ndpc-probes-remita-sterling-bank-over-alleged-data-breach/
Sterling Bank cybersecurity rating report: https://www.rankiteo.com/company/sterling-bank-ltd
Remita cybersecurity rating report: https://www.rankiteo.com/company/remitanet
"id": "STEREM1775473005",
"linkid": "sterling-bank-ltd, remitanet",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Digital Payments',
'location': 'Nigeria',
'name': 'Remita Payment Services Ltd.',
'type': 'Fintech'},
{'industry': 'Banking',
'location': 'Nigeria',
'name': 'Sterling Bank',
'type': 'Bank'}],
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal data',
'Financial data']},
'date_publicly_disclosed': '2026-04-01',
'description': 'The Nigeria Data Protection Commission (NDPC) has initiated '
'an investigation into a suspected data breach involving '
'Remita Payment Services Ltd., Sterling Bank, and other '
'entities, reflecting heightened regulatory oversight in '
'Nigeria’s digital payments sector.',
'impact': {'data_compromised': 'Personal and financial data'},
'investigation_status': 'Ongoing',
'references': [{'source': 'NDPC Statement'}],
'regulatory_compliance': {'regulations_violated': ['Nigeria Data Protection '
'Act 2023'],
'regulatory_notifications': 'Notice of '
'Investigation served '
'on April 1, 2026'},
'title': 'NDPC Launches Investigation into Alleged Data Breach Involving '
'Remita, Sterling Bank',
'type': 'Data Breach'}