By Boluwatife Oshadiya
Key Points
- Threat actor “ByteToBreach” claims breach of Ikeja Electric systems
- Alleged encryption of over 50 hosts and disruption of operations
- Sensitive data reportedly compromised, including customer and employee records
- Incident remains unverified as of April 28, 2026
Main Story
A threat actor identified as “ByteToBreach” has claimed responsibility for a significant cyberattack targeting Ikeja Electric, one of Nigeria’s largest electricity distribution companies, raising fresh concerns about cybersecurity vulnerabilities in the country’s critical infrastructure.
According to threat intelligence disclosures observed on April 28, 2026, the attacker alleges that more than 50 hosts within Ikeja Electric’s network were encrypted, resulting in operational disruptions and the takedown of multiple subdomains.
The threat actor further claims to have exfiltrated a wide range of sensitive data, including customer records, employee information, internal business databases, proprietary source code, and Active Directory data with reportedly cracked credentials.
Additionally, the breach is said to have impacted metering platforms linked to multiple third-party vendors, potentially extending the scope of the disruption beyond the core utility infrastructure.
Despite the severity of the claims, the incident remains unverified at the time of reporting.
What’s Being Said
Cybersecurity analysts warn that attacks on energy and utility providers are becoming increasingly sophisticated, often targeting operational technology systems alongside traditional IT infrastructure.
The alleged breach underscores systemic risks within Nigeria’s power sector, where digital transformation efforts have not always been matched with robust cybersecurity frameworks.
An ESIX© risk score of 6.18 suggests a moderate-to-high threat level, indicating potential operational and reputational damage if confirmed.
What’s Next
Ikeja Electric is yet to issue an official statement confirming or denying the breach. Industry experts expect regulatory bodies and cybersecurity agencies to initiate investigations to verify the claims and assess the extent of any potential compromise.
If confirmed, the incident could accelerate calls for stricter cybersecurity compliance standards across Nigeria’s energy sector, particularly for critical national infrastructure operators.
