A hacker using the alias ByteToBreach claims to have stolen over 3 terabytes of data from Nigerian financial and government systems, including Remita and Sterling Bank. The breach allegedly involved a misconfigured Amazon S3 cloud storage bucket, from which the actor extracted customer and employee records, Know Your Customer (KYC) documents, transaction logs, source code, API keys and password hashes. On March 27, the hacker first announced the breach of Sterling Bank, claiming access to about 900,000 customer accounts and more than 3,000 employee records, including names, Bank Verification Numbers (BVN), National Identity Numbers (NIN), passports and driver's licences. ByteToBreach asserted that the Sterling Bank breach served as a gateway to Remita, the platform widely used for government payroll, tax and salary payments. Samples of the data were posted online, with the full dataset reportedly offered for sale on underground forums. Additional targets named in public posts include Zenith Bank, Oyo State Government, Leadway Assurance, fintech startup GetBumpa and Ahmadu Bello University Zaria. No official statement has been issued by any of the organisations named, nor by Nigerian banking regulators. Cybersecurity analysts note that while some leaked samples align with ByteToBreach's prior activity, the full 3TB dataset remains unverified.
The silence from Remita and Sterling Bank speaks louder than the hacker's claims—three terabytes of sensitive data allegedly exposed, yet no confirmation days after the public alert. If even half of what ByteToBreach has posted is genuine, millions of Nigerians could already be at risk of identity theft and financial fraud. The fact that a single threat actor could allegedly chain breaches across major institutions exposes systemic weaknesses in how critical platforms secure data. This isn't the first time Nigerian financial systems have been targeted, and without transparency, it won't be the last.
