The Nigeria Data Protection Commission (NDPC) has commenced an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities, underscoring heightened regulatory scrutiny in Nigeria’s digital payments ecosystem.
In a statement issued on Sunday by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, the Commission disclosed that a Notice of Investigation was served on the affected parties on April 1, 2026, in line with established procedures. It added that relevant organisations and individuals have begun providing information to support the inquiry.
The NDPC said the investigation was aimed at ensuring that data subjects are adequately protected through the deployment of appropriate technical and organisational safeguards.
The probe will examine the categories of personal data involved, the nature and scope of the alleged breach, potential risks to affected individuals, and mitigation measures implemented where a breach is confirmed.
The move comes amid growing concerns over data privacy and security within Nigeria’s fast-expanding fintech and banking sectors, where large volumes of personal and financial data are processed daily.
Vincent Olatunji, National Commissioner and Chief Executive Officer of the NDPC, said the Commission would also extend its review to organisations that utilise digital payment platforms without fully complying with data protection requirements.
He noted that such entities would be assessed under the provisions of the Nigeria Data Protection Act 2023, as part of broader efforts to strengthen compliance and safeguard the integrity of the country’s data protection ecosystem.