The Nigeria Data Protection Commission (NDPC) has begun an investigation into Remita Payment Services Ltd. and Sterling Bank over an alleged data breach linked to a suspected cyberattack. The probe was triggered by reports circulating on dark web forums claiming that sensitive customer and institutional data from the platforms had been accessed and exposed. On April 1, 2026, the NDPC served a Notice of Investigation to the affected entities to determine the extent of the incident, the categories of personal data involved, and potential risks to individuals. The commission's Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, confirmed the investigation in a statement issued on Sunday. The inquiry will assess the technical and organisational safeguards the companies have in place and the steps taken to mitigate any confirmed breach. Dr Vincent Olatunji, National Commissioner and CEO of the NDPC, said the incident prompted a broader review of digital payment platforms to ensure compliance with the Nigeria Data Protection Act, 2023. Organisations found lacking in data protection measures may face scrutiny. The NDPC also investigated the global e-commerce platform Temu in February 2026 over similar allegations. As of now, neither Remita nor Sterling Bank has issued an official response to the claims.
A probe into Remita and Sterling Bank over a suspected dark web data leak highlights how even established financial platforms may be vulnerable to cyber threats. With the NDPC already investigating Temu and now domestic payment systems, the focus is shifting from isolated incidents to systemic weaknesses in data protection. If major processors like Remita are exposed, smaller fintechs without robust security could face even greater risks. This isn't just about one breach — it's about whether Nigeria's fast-growing digital finance sector can protect user trust at scale.
