NDPC Investigates Remita and Sterling Bank Over Alleged Data Breach

The Nigeria Data Protection Commission has officially launched an investigation into an alleged data breach involving Remita Payment Services Ltd. and Sterling Bank, aimed at protecting personal data and enforcing compliance with Nigeria’s data protection laws.

What Happened

• A Notice of Investigation was served to Remita, Sterling Bank, and other related entities on April 1, 2026, in line with NDPC procedures.
• The probe follows reports on cybercrime forums of a possible breach that may have exposed sensitive customer and financial data linked to these platforms.

Scope of the Investigation

The NDPC is examining several key areas, including:

• The categories of personal data involved
• The nature and scope of the alleged breach
• Potential risks to affected individuals (data subjects)
• Mitigation measures taken where a breach is confirmed
   
  NDPC officials have confirmed that affected parties are cooperating and providing information to support the inquiry.

Regulatory and Compliance Focus

In the investigation statement, the Commission emphasised that the probe is part of its broader mandate to enforce compliance with the Nigeria Data Protection Act 2023, ensuring organisations implement appropriate technical and organisational safeguards to protect personal data. Entities found to be operating without required safeguards may face further scrutiny and regulatory action as part of wider efforts to safeguard the integrity of Nigeria’s digital ecosystem.

Broader Implications

The investigation reflects increased regulatory scrutiny over digital payment services in Nigeria, especially as adoption of online banking and fintech platforms grows rapidly. If confirmed, such breaches could have serious implications for public trust in digital financial services and trigger enforcement actions under Nigeria’s data protection regime.