The Nigeria Data Protection Commission, NDPC, says it is investigating an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities.
In a press release dated April 5, 2026, the Commission said notices of investigation were served on April 1, 2026, in line with its procedure. It added that relevant parties and individuals had begun providing information to help address the incident.
According to the Commission, the probe will examine the types of personal data involved, the nature and scope of the alleged breach, the risk posed to data subjects, and the mitigation measures taken where a breach is confirmed.
The NDPC said the investigation is aimed at ensuring that data subjects are protected through appropriate technical and organisational measures.
The Commission also signalled that the inquiry could extend beyond the immediate case. It said organisations that use digital payment systems without adequate technical and organisational safeguards, as required under the Nigeria Data Protection Act, 2023, will also come under scrutiny as part of a broader effort to protect the integrity of the ecosystem.
NDPC National Commissioner and Chief Executive Officer, Dr Vincent Olatunji, was quoted in the statement as directing that such organisations be examined as part of the wider enforcement effort.
The statement was signed by Babatunde Bamigboye, Head, Legal, Enforcement and Regulations at the Commission.
This development places fresh attention on data protection compliance in Nigeria’s financial and digital payment sectors, especially as regulators intensify oversight of how organisations collect, process and secure personal data.
