Commission probes Sterling Bank, Remita over data breach

The Nigeria Data Protection Commission has commenced an investigation into an alleged data breach involving Remita Payment Services Ltd and Sterling Bank.

In a statement, the Commission confirmed that it is “carrying out an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities,” adding that a formal Notice of Investigation had already been served on April 1, 2026.

“Relevant parties and individuals have been providing information for the purpose of addressing the incident,” the statement  added.

The NDPC said the investigation is aimed at ensuring that “data subjects are protected with appropriate technical and organisational measures,” in line with its regulatory mandate.

It added that the scope of the probe includes “the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects and the mitigation measures carried out where a breach is confirmed.”

The Commission’s National Commissioner and Chief Executive Officer, Vincent Olatunji, also directed a broader compliance review across organisations operating digital payment systems.

The statement warned that firms failing to implement adequate safeguards as required under the Nigeria Data Protection Act 2023 will face scrutiny.

It stated that “organisations that employ digital payment systems without putting in place appropriate technical and organisational measures as mandated under the Nigeria Data Protection Act, 2023, will also be examined as part of a wider effort to ensure the integrity of the ecosystem.”