The Nigeria Data Protection Commission (NDPC) has begun an investigation into an alleged data breach involving Remita Payment Services Limited and Sterling Bank, as authorities move to safeguard personal data within Nigeria’s digital payment ecosystem.
In a press release, the commission disclosed that notices of investigation were formally served on the affected organisations on April 1, 2026, in line with its regulatory procedures. The entities and other relevant parties have since been providing information to assist the commission in determining the circumstances surrounding the alleged breach.
The NDPC said the investigation is aimed at ensuring that individuals’ personal data are protected through adequate technical and organisational safeguards, as required by law.
According to the commission, the probe will examine the types of personal data involved, the nature and scope of the alleged breach, the potential risks to data subjects, and the mitigation measures taken if the breach is confirmed.
The National Commissioner and Chief Executive Officer of the NDPC, Dr Vincent Olatunji, has also directed that organisations using digital payment systems without adequate security measures under the Nigeria Data Protection Act 2023 will be scrutinised.
The move, the commission said, is part of broader efforts to ensure compliance and maintain the integrity of Nigeria’s digital payment environment.
The statement was signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC.
