What happened
The Nigeria Data Protection Commission is investigating an alleged data breach involving Remita Payment Services Ltd., Sterling Bank, and other entities. The commission said a Notice of Investigation was served on April 1, 2026, and that relevant parties and individuals have been providing information as the review continues. According to the commission, the investigation is examining the types of personal data involved, the nature and scope of the alleged breach, the risks to affected data subjects, and any mitigation measures taken if a breach is confirmed. The commission also said the wider review will cover organizations using digital payment systems without the technical and organizational measures required under the Nigeria Data Protection Act, 2023.
Who is affected
The direct exposure is still being assessed, but the investigation centers on alleged compromise involving Remita Payment Services Ltd., Sterling Bank, and other connected entities within the digital payment ecosystem. The commission said its focus includes the personal data involved and the risks posed to data subjects if a breach is confirmed.
Why CISOs should care
This matters because the investigation goes beyond a single alleged incident and extends to whether organizations using digital payment systems have implemented the technical and organizational protections required by law. It also puts attention on how payment ecosystem weaknesses can create broader regulatory and operational exposure when personal data handling controls are under scrutiny.
3 practical actions
- Review payment-system controls: Reassess whether digital payment environments have the technical and organizational safeguards required to protect personal data.
- Map the personal data involved: Identify exactly what categories of personal data move through payment workflows so impact can be scoped quickly if an incident occurs.
- Prepare for regulator-led investigation: Ensure breach response plans can support rapid information sharing with regulators when a suspected payment-related data incident comes under formal review.
