The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Remita Payment Services Ltd. and Sterling Bank. A Notice of Investigation was served on the affected parties on April 1, 2026, according to Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC. The probe will assess the types of personal data involved, the extent of the breach, potential risks to individuals, and any steps taken to address it. The Commission confirmed that relevant organisations and individuals are already providing information to support the inquiry. The investigation is being conducted under the Nigeria Data Protection Act 2023, with a focus on ensuring that proper technical and organisational safeguards are in place to protect user data. Vincent Olatunji, National Commissioner and CEO of the NDPC, stated that the review will also include other organisations using digital payment platforms but failing to comply with data protection regulations. This marks a significant regulatory move amid rising concerns over data privacy in Nigeria's expanding fintech and banking sectors, where millions of users entrust sensitive financial and personal information to digital systems daily.
The investigation into Remita and Sterling Bank signals a shift toward stricter enforcement of data rules, not just for banks and payment firms but for all digital platforms handling user data. With Nigeria's fintech sector growing rapidly, the NDPC's move could set a precedent for how companies like Paystack or Flutterwave manage compliance in practice, not just in policy. This is less about one breach and more about defining accountability in an ecosystem built on data trust.
