The Nigeria Data Protection Commission (NDPC) has initiated an investigation into a significant data breach involving Remita Payment Services Ltd and Sterling Bank. This action comes in response to alarming claims made by a hacker group known as ByteToBreach, which has alleged that sensitive customer information has been compromised. According to the results published in the material, the implications of this breach could be far-reaching for both companies and their customers.
NDPC Investigation Notice Issued
The NDPC confirmed that a notice of investigation was issued on April 1, 2026, prompting relevant parties to begin providing necessary information to address the situation. The investigation will focus on the types of personal data affected, the nature and extent of the alleged breach, and the potential risks posed to data subjects.
Impact of the Breach
Reports indicate that the breach may have impacted approximately 900,000 customer accounts and over 3,000 employee files at Sterling Bank. In addition, Remita is said to have experienced a breach involving around 3 terabytes of data, which includes sensitive Know Your Customer (KYC) documentation.
NDPC's Goals
The NDPC's primary goal is to safeguard users' personal data and ensure compliance within the fintech and banking sectors.
Following the recent data breach involving Remita Payment Services and Sterling Bank, another significant incident has emerged, where Resolv's infrastructure was compromised, leading to major crypto losses. For more details, see read more.
