Remita, the widely used Nigerian payment platform responsible for processing salaries for federal and state government workers as well as private sector employees, has directed partners to regenerate their API keys and whitelist IP addresses. The instruction followed reports of a significant data breach allegedly exposing at least three terabytes of sensitive data, including Know Your Customer (KYC) documents, National Identification Numbers, bank statements, passports, and government Hardware Security Module (HSM) secrets. In an email sent on Tuesday, Remita cited "some hitches in the interface between our environment and yours" and attributed the disruption to efforts aimed at improving operational efficiency. The company assured full service restoration by 3:00 p.m. on March 31. However, the directive to regenerate API credentials—a step typically associated with responding to cyberattacks—raised alarms. The same day, DarkWebInformer, an X account tracking global cyberattacks, reported a breach on Remita's Amazon Cloud server. A hacker known as Bytetobreach claimed responsibility, stating that over 800 gigabytes of KYC data, 35,000 password hashes, source code, and government HSM keys were accessed. Remita did not confirm a breach.
Remita's vague reference to "hitches" while demanding API key resets contradicts its claim of routine maintenance, especially given the hacker's detailed exposure of sensitive government and financial data. The platform processes payroll for millions of Nigerians and handles critical government transactions, making any security lapse a national concern. If the breach is confirmed, the compromise of HSM keys could undermine the integrity of financial systems tied to Remita's infrastructure. Downplaying the incident does not reduce the risk to users whose personal and financial data may already be circulating.
