PRESS RELEASE
The Nigeria Data Protection Commission (NDPC) is carrying out an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities. In line with the Commission’s procedure, Notice of Investigation was duly served on the 1st of April, 2026. Relevant parties and individuals have been providing information for the purpose of addressing the incident.
The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures. The investigation by NDPC covers, among others, the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects and the mitigation measures carried out where a breach is confirmed.
The Commission’s National Commissioner/CEO, Dr Vincent Olatunji, has directed that organisations that employ digital payment systems without putting in place appropriate technical and organisational measures as mandated under the Nigeria Data Protection Act, 2023 (NDP Act), will also be examined as part of a wider effort to ensure the integrity of the ecosystem.
Signed
Babatunde Bamigboye, Esq.
Head, Legal, Enforcement & Regulations, NDPC
