A cybersecurity breach linked to a threat actor known as "ByteToBreach" has drawn scrutiny toward Sterling Bank, Remita, and the Corporate Affairs Commission (CAC) over alleged failures in data protection. Reports indicate the hacker exploited long-undisclosed vulnerabilities to gain unauthorised access to sensitive systems, with compromised credentials reportedly enabling cross-platform access. The CAC confirmed "unauthorised access to limited aspects" of its system and stated it is working with the National Information Technology Development Agency to resolve the issue. Concerns have intensified over the exposure of sensitive data, including company ownership records and identity documents, given the CAC's role as Nigeria's central corporate registry. The Nigeria Data Protection Commission has reportedly launched investigations into compliance with the Nigeria Data Protection Act 2023, particularly around breach notification timelines. Technext24 reported the vulnerabilities had remained unpatched for months, raising questions about institutional response times and security oversight. Cybersecurity analysts point to delayed patching, weak credential management, and poor access controls as key systemic flaws exposed by the incident. Despite the scale of access described in technical analyses, official statements from the affected organisations have been minimal. The breach has triggered public debate over transparency and accountability in safeguarding critical digital infrastructure within Nigeria's financial and regulatory sectors.
The breach reveals that known vulnerabilities in major Nigerian institutions were left unpatched for months, not due to sophisticated attacks but preventable oversights. If compromised credentials from one system enabled access to another, it suggests integration without adequate security safeguards across entities handling sensitive data. The CAC's description of "limited" access appears at odds with the nature of data stored, including ownership and identity records central to corporate integrity. This incident exposes a gap between digital expansion and the implementation of enforceable security accountability.
💡 NaijaBuzz is an AI-assisted news aggregator. This content is curated from third-party sources — NaijaBuzz is not the original publisher and is not responsible for the accuracy of source reporting. The NaijaBuzz Take is AI-assisted editorial opinion only, not established fact. All persons mentioned are presumed innocent until proven guilty by a court of competent jurisdiction. NaijaBuzz does not endorse the views expressed in source articles.
