Regulatory Scrutiny Intensifies in Nigeria’s Digital Payments Sector

The Nigeria Data Protection Commission (NDPC) has launched a formal investigation into Remita Payment Services Ltd. and Sterling Bank following claims of data breaches by threat actor “ByteToBreach.” The probe aims to determine the nature, scope, and impact of these alleged incidents.

What Happened?

According to reports emerging from dark web forums, ByteToBreach claimed unauthorized access to both institutions’ systems:

Sterling Bank: Allegedly compromised 900,000 customer accounts and over 3,000 employee files on March 27, 2026. The stolen data reportedly included sensitive information like bank verification numbers, account details, transaction records, and identity documents.
Remita: On March 31, the same actor claimed to extract approximately 3 terabytes of data from cloud storage infrastructure linked to Remita, Nigeria’s major payment processing platform used for government transactions. This included over 800 gigabytes of Know Your Customer (KYC) documentation with passports, IDs, bank statements, and more.

The NDPC confirmed serving a notice of investigation on April 1, 2026, and stated that relevant parties are cooperating by providing information.

Regulatory Implications

This investigation underscores the growing regulatory focus on data protection in Nigeria’s fintech sector. The Nigeria Data Protection Act 2023 mandates organizations to:

Report breaches likely to affect individuals within 72 hours
Directly inform users when breaches create a high risk of fraud or financial harm
Implement technical and organizational safeguards to protect personal data

The NDPC’s actions follow similar inquiries into companies like Temu, signaling increased oversight across digital platforms.

Broader Context

Remita, operated by SystemSpecs, processes billions in government payments annually, making this a particularly significant incident. Sterling Bank serves hundreds of thousands of customers nationwide. If verified, these breaches could potentially affect millions of Nigerians and compromise sensitive financial infrastructure.

The NDPC emphasized that the investigation prioritizes user data protection and compliance across the fintech and banking sectors.

Written with the assistance of AI. Reviewed and edited by the AfricanCIO editorial team.

Regulatory Scrutiny Intensifies in Nigeria’s Digital Payments Sector

What Happened?

Regulatory Implications

Broader Context

Related articles

Empowering African Innovation: University Students Tackle Real-World Challenges

Esca Finance Partners With MANSA for Same-Day Payment Settlements Across Africa

Africa Emerges as Major Outsourcing Hub, Challenging Asia's Dominance