Nigeria: Nigeria Data Protection Commission opened an investigation into Remita Payment Services, Sterling Bank, and other entities over alleged data breach

On 1 April 2026, the Data Protection Commission (NDPC) opened an investigation into an alleged data breach involving Remita Payment Services, Sterling Bank, and other entities. The investigation covers the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures carried out where a breach is confirmed. The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures. The NDPC also directed that organisations employing digital payment systems without appropriate technical and organisational measures, as mandated under the Nigeria Data Protection Act, 2023 (NDP Act), will be examined as part of the investigation.