Nigeria's Financial Systems Under Siege: NDPC Fires Warning Shot as Coordinated Cyber Attacks Intensify

Nigeria's data protection regulator has raised a sharp alarm over what it describes as a deteriorating cyber threat environment, warning that criminal actors are now systematically targeting the country's financial systems and critical digital infrastructure.

The Nigeria Data Protection Commission (NDPC) issued a regulatory advisory to all data controllers and processors across the country following a technical assessment that revealed coordinated cyber activities aimed at financial systems and other critical national assets. The commission described the development as a serious risk to data privacy and national security.

The advisory, signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the NDPC, stated that "some shadowy threat actors have engaged in coordinated operations targeting financial systems and some key digital infrastructure in Nigeria."

The warning does not arrive in isolation. The NDPC has already opened a formal investigation into an alleged data breach involving Remita Payment Services Limited, Sterling Bank, and other entities, with notices of investigation issued on April 1, 2026. The commission said the inquiry would examine the nature and scope of the alleged breach, the categories of personal data involved, potential risks to individuals, and any mitigation steps taken.

Separately, the Corporate Affairs Commission disclosed a cybersecurity incident involving unauthorised access to parts of its information systems, urging users to update their login credentials as investigations continue. The back-to-back incidents have intensified scrutiny over the resilience of Nigeria's public and private sector digital infrastructure.

In response, the NDPC has directed organisations to take immediate remedial action. Specific measures demanded include stronger access controls, adoption of multi-factor authentication, encryption of sensitive data, and continuous real-time monitoring to detect and respond to threats. Institutions are also required to conduct regular vulnerability assessments, secure cloud infrastructure, and ensure proper management of digital credentials.

The NDPC warned that organisations failing to comply with the provisions of the Nigeria Data Protection Act, 2023, risk facing legal consequences, noting that enforcement mechanisms are already in place.

The advisory invokes a presidential directive, quoting President Bola Tinubu's declaration that "data is the new oil; its value increases the more it is refined and responsibly shared," with the President directing all Ministries, Departments, and Agencies to rigorously capture and safeguard information under the Nigeria Data Protection Act.

The Federal Government has also indicated plans to establish a Cybersecurity Coordination Council to enhance national cyber resilience, with Minister of Communications, Bosun Tijani, stressing that "cybersecurity is a shared national responsibility" requiring strong partnerships across government, industry, and civil society.

Stay Informed: Visit our website for Breaking News, Intelligence, and Insight