The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank, and other entities.
In a statement dated April 5, 2026, the Commission said it had issued a formal Notice of Investigation on April 1, with affected organisations and individuals already providing information to support the inquiry.
The NDPC said the probe is aimed at safeguarding data subjects and ensuring that adequate technical and organisational measures are in place to protect personal data, in line with the Nigeria Data Protection Act 2023.
According to the Commission, the investigation will assess the types of personal data involved, the nature and scope of the alleged breach, potential risks to individuals, and any mitigation steps taken by the organisations.
The National Commissioner and CEO of the NDPC, Vincent Olatunji, also directed that organisations deploying digital payment systems without adequate data protection safeguards will be scrutinised as part of a broader effort to strengthen the integrity of Nigeria’s digital ecosystem.
The NDPC reiterated its commitment to enforcing compliance with data protection laws and ensuring accountability across the country’s rapidly growing digital payments space.
