Nigeria’s rapidly expanding digital economy is coming under growing threat as data privacy breaches involving financial institutions, online platforms, government agencies, and individuals continue to rise across the country.
Reports indicate that sensitive personal and financial information—including national identity numbers and bank verification records—is increasingly being exposed, traded, or accessed by unauthorized actors, raising concerns about the safety of citizens’ digital identities.
Despite intensified enforcement efforts by the Nigeria Data Protection Commission (NDPC), incidents of cyberattacks and data misuse continue to surge. The regulator has launched investigations into thousands of organisations and imposed sanctions on some major firms for non-compliance with data protection laws.
In one of the most notable enforcement actions, a large pay-TV operator was fined hundreds of millions of naira for unlawful data processing and cross-border data transfers without proper legal basis. Other financial and digital service providers have also faced scrutiny over alleged security lapses.
The commission has further expanded its oversight, probing over a thousand organisations across sectors including banking, telecommunications, and government services. Authorities say many of these entities are suspected of failing to implement adequate safeguards for user data.
Investigations have also revealed the existence of unauthorized platforms allegedly selling citizens’ personal data at low prices, exposing serious weaknesses in digital security systems and application interfaces.
The NDPC, operating under the Nigeria Data Protection Act 2023, has shifted from awareness campaigns to strict enforcement, with powers to impose significant financial penalties on violators. The agency has also ordered organisations to strengthen internal controls, appoint data protection officers, and improve cybersecurity infrastructure.
Officials warn that threats now include coordinated cyberattacks targeting critical national databases, prompting urgent calls for stronger technical defenses across both public and private institutions.
Experts, while supporting the crackdown, argue that enforcement alone is not enough, urging investment in cybersecurity infrastructure, capacity building, and stronger preventive systems to address the root causes of data insecurity.
As Nigeria’s digital ecosystem continues to expand, concerns remain that millions of citizens are still vulnerable to identity theft, fraud, and other cyber-related risks.
