The Nigeria Data Protection Commission (NDPC) has begun an investigation into an alleged data breach involving Remita Payment Services Ltd. and Sterling Bank, with other entities also under scrutiny. A notice of investigation was officially served on April 1, 2026, as confirmed by Mr. Babatunde Bamigboye, Head of Legal, Enforcement & Regulations at NDPC. The probe aims to determine the types of personal data involved, the extent of the breach, risks to affected individuals, and what measures have been taken to address it. The commission is assessing whether the companies applied the required technical and organisational safeguards under the Nigeria Data Protection Act, 2023. Dr. Vincent Olatunji, NDPC's National Commissioner and CEO, stated that any organisation using digital payment systems without compliant safeguards will be reviewed as part of a wider effort to secure Nigeria's digital financial ecosystem. The investigation follows previous NDPC actions, including a February inquiry into the e-commerce platform Temu over possible breaches of the same law. That earlier probe revealed Temu may be processing personal data of approximately 12.7 million Nigerians, with 70 million daily active users globally. The NDPC emphasized that its actions are focused on ensuring compliance and protecting user data across the fintech and banking sectors.
Regulatory scrutiny of Remita and Sterling Bank signals a shift toward stricter enforcement of data rules, even for major players in Nigeria's fintech space. The fact that the NDPC is probing established institutions—not just foreign platforms like Temu—suggests compliance can no longer be treated as optional. With 12.7 million Nigerian data profiles already flagged in the Temu case, the stakes for local firms are rising fast. This isn't just about penalties; it's about whether Nigerian financial tech can earn and keep public trust.
