The Corporate Affairs Commission’s disclosure of a cybersecurity breach has triggered a broader warning across Nigeria’s public sector. The National Information Technology Development Agency has directed Ministries, Departments and Agencies to tighten digital security controls.
CAC said it was reviewing a cybersecurity incident involving unauthorised access to limited aspects of its information systems. The commission said it activated response protocols after detecting the breach. It also said it was working with NITDA, other government agencies and partners to assess the scope and impact.
The development has raised fresh concerns over the security of government digital platforms. This is especially so for systems that support business registration, filings and access to official records. CAC said containment measures had been introduced. It added that extra safeguards were deployed while investigations continue.
In a statement on Friday, NITDA and CAC said they had activated coordinated response and assurance mechanisms. They said the measures were in line with national cybersecurity frameworks. They said the goal was to protect critical infrastructure and maintain service integrity.
Against that backdrop, NITDA directed all MDAs to immediately review and reinforce their cybersecurity architecture. It said the directive was in line with the National Cybersecurity Policy and Strategy 2021. The agency warned of emerging threats targeting government systems and sensitive data.
NITDA said MDAs must conduct comprehensive security assessments. It said they must fix identified vulnerabilities and strengthen access controls across critical platforms. It also directed public institutions to improve data protection measures. They are also to maintain effective backup and disaster recovery systems. They must also enhance monitoring capabilities to detect and respond to suspicious activities.
NITDA added that MDAs must maintain functional incident response frameworks. This includes the prompt reporting of cybersecurity breaches for coordinated intervention.
The agency said detailed cybersecurity guidelines had already been issued to MDAs. It said the move was part of wider efforts to strengthen resilience across public sector digital infrastructure. It added that the goal is to protect national digital assets.
While the review is ongoing, CAC advised users of its portal to monitor their records. It also asked them to update login credentials and remain cautious of unsolicited communications. The commission said it remains committed to protecting the integrity of its database. It added that further updates would be provided as investigations progress.
