News Highlights:
- The NDPC has commenced a formal investigation into an alleged data breach involving Sterling Bank and a payment services company, focusing on the scope of the breach and risks to affected individuals.
- The Commission has also ordered a broader review of organisations that use digital payment systems to ensure compliance with the Nigeria Data Protection Act, 2023.
The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Sterling Bank, a payment services company, and other entities, as part of efforts to safeguard personal data and strengthen trust in the country’s digital ecosystem.
The Commission disclosed in a statement signed by Babatunde Bamigboye, Head, Legal, Enforcement & Regulations, that a formal Notice of Investigation was issued on April 1, 2026, in line with established regulatory procedures.
It added that all relevant parties and individuals have since been cooperating by providing necessary information to aid the probe.
According to the NDPC, the investigation focuses on determining critical aspects of the incident, including the categories of personal data potentially affected, the nature and extent of the breach, the level of risk posed to data subjects, and the adequacy of mitigation measures implemented if a breach is established.
The inquiry is also expected to assess compliance with statutory requirements on data protection, particularly the deployment of appropriate technical and organisational safeguards as stipulated under the Nigeria Data Protection Act, 2023.
In a related directive, the National Commissioner and Chief Executive Officer of the Commission, Dr. Vincent Olatunji, has ordered a broader review of organisations operating digital payment platforms.
The move targets firms that may be utilising such systems without fully implementing the required data protection measures.
The NDPC emphasised that the expanded scrutiny is aimed at reinforcing accountability and ensuring the integrity, security, and resilience of Nigeria’s data protection framework.
The Commission reiterated its commitment to protecting data subjects and enforcing compliance across sectors, especially as digital financial services continue to expand rapidly.