By Boluwatife Oshadiya | April 15, 2026
Key Points
- Corporate Affairs Commission confirms cybersecurity incident involving unauthorised system access
- Agency activates response protocols with National Information Technology Development Agency and other partners
- Businesses urged to monitor records, update passwords, and avoid suspicious communications
Main Story
Nigeria’s Corporate Affairs Commission (CAC) has confirmed it is investigating a cybersecurity incident involving unauthorised access to limited aspects of its information systems, raising fresh concerns over the security of critical government digital infrastructure.
In a public notice issued on April 15, 2026, the Commission disclosed that it had already activated internal response protocols and is collaborating with the National Information Technology Development Agency (NITDA), alongside other relevant government bodies, to determine the scope and potential impact of the breach.
The CAC stated that containment measures have been implemented and additional safeguards deployed to protect its systems and user data while the review continues. The Commission, however, did not disclose the exact nature of the compromised data or the number of affected users, indicating that investigations are still ongoing.
The agency, which manages Nigeria’s corporate registry and business incorporation processes, plays a critical role in the country’s formal economy. Its online portal is widely used by millions of businesses, legal practitioners, and compliance officers for company registration, filings, and regulatory updates.
“The Commission promptly activated its response protocols and is working with NITDA, relevant government agencies and partners to assess the scope and impact,” CAC Management said in the notice.
Stakeholders have been advised to proactively secure their accounts by updating login credentials, monitoring company records on the CAC portal, and remaining vigilant against phishing attempts or unsolicited communications that may exploit the incident.
What’s Being Said
“Appropriate containment measures have been implemented, and additional safeguards are in place,” CAC Management stated in its official notice.
A cybersecurity analyst at Lagos-based firm CyberSafe Africa, Ibrahim Adeyemi, noted that incidents involving public registries carry broader implications. “When a central registry system is exposed, even partially, it creates downstream risks — from identity manipulation to fraudulent filings. The speed and transparency of response are critical,” he said.
An official familiar with Nigeria’s digital governance framework at NITDA added that inter-agency collaboration is now standard in incident response. “NITDA’s role is to ensure compliance with national cybersecurity and data protection standards while supporting forensic investigation,” the official said.
What’s Next
- CAC is expected to release further updates as forensic investigations clarify the extent of the breach
- NITDA may issue advisory guidelines or compliance directives if systemic vulnerabilities are identified
- Businesses and compliance professionals will likely face heightened verification protocols on the CAC portal in the coming weeks
The Bottom Line (Optional)
The Bottom Line: The CAC breach underscores persistent vulnerabilities in Nigeria’s public digital infrastructure, particularly as more regulatory processes move online. How quickly authorities contain risks and restore confidence will be critical to maintaining trust in the country’s corporate registry system.
 has confirmed it is investigating a cybersecurity incident involving unauthorised....){kind=link}