Nigeria’s data protection regulator has begun a formal probe into a suspected breach involving key players in the country’s digital payments space, including Remita Payment Services Ltd. and Sterling Bank.
The Nigeria Data Protection Commission disclosed in a statement that the inquiry followed established procedures, with official notices issued to the organisations involved at the start of April.
According to the agency, those affected have started cooperating with investigators by submitting necessary details to clarify the circumstances surrounding the incident.
The statement reads, “The Nigeria Data Protection Commission is carrying out an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities.
“In line with the Commission’s procedure, Notice of Investigation was duly served on the 1st of April, 2026. Relevant parties and individuals have been providing information for the purpose of addressing the incident.
“The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures.
“The investigation by NDPC covers, among others, the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures carried out where a breach is confirmed.”
Beyond the immediate case, the regulator indicated that the review may extend to other organisations operating digital payment systems without sufficient safeguards, as required under the Nigeria Data Protection Act, 2023.
This broader scrutiny, directed by the Commission’s leadership, is aimed at reinforcing compliance standards and safeguarding user data across the financial technology landscape.
The NDPC emphasised that its focus remains on ensuring accountability and protecting personal information as digital financial services continue to expand.
The latest move adds to a series of regulatory actions targeting data privacy practices in Nigeria. Earlier this year, the commission initiated a separate review of the operations of Temu over potential violations of data protection laws.