Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach linked to Remita, a payment platform operated by SystemSpecs. The commission confirmed it was probing SystemSpecs, two financial institutions, and an unnamed third-party vendor following reports of unauthorised access to personal and financial data. The probe was initiated after alerts surfaced about a potential leak affecting millions of users, including names, bank details, and transaction records. NDPC stated it issued enforcement notices to the involved parties, requiring immediate disclosure of facts and mitigation steps. The commission emphasized its authority under the Nigeria Data Protection Regulation (NDPR) to safeguard citizens' data and ensure compliance by data controllers. SystemSpecs has not issued a public statement on the matter, while the affected banks have not been named. The investigation could result in sanctions if violations are found. This is one of the most high-profile data protection cases since the NDPC was established.
A probe into Remita exposes how deeply embedded payment platforms hold sensitive financial data, with little visibility for users. If millions of records were exposed, the incident challenges trust in Nigeria's digital payment backbone. Companies like Paystack and Flutterwave may face tougher scrutiny if regulators tighten data handling rules. The outcome could redefine how fintechs manage user data across the country.
