The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank, and other organisations.
In a statement released on Sunday, the Head of Legal, Enforcement and Regulations at the NDPC, Babatunde Bamigboye, confirmed that a formal notice of investigation was issued to the parties on April 1, 2026, in line with regulatory procedures. He added that the affected organisations have begun submitting relevant information to support the probe.
According to the commission, the investigation is focused on protecting users’ personal data and ensuring that proper safeguards are in place. It will examine the type of data involved, the scale and nature of the breach, the potential risks to individuals, and any steps taken to address the situation if a breach is confirmed.
The NDPC’s National Commissioner and CEO, Dr Vincent Olatunji, has also directed a broader review of organisations operating digital payment systems without adequate data protection measures, as required under the Nigeria Data Protection Act, 2023.
The commission reiterated that the move is part of ongoing efforts to strengthen data privacy and enforce compliance across Nigeria’s growing fintech and banking sectors.
This marks another major step by regulators to ensure accountability and build trust in the country’s digital payment ecosystem.
