By Boluwatife Oshadiya | April 17, 2026
Key Points
- NDPC launches investigation into alleged data breach at Corporate Affairs Commission
- NITDA directs all MDAs to immediately strengthen cybersecurity frameworks and controls
- CAC announces scheduled portal maintenance amid ongoing system concerns
Main Story
The Nigeria Data Protection Commission (NDPC) has opened an investigation into a reported data breach at the Corporate Affairs Commission (CAC), escalating concerns over the security of government-held data and digital infrastructure.
The probe, initiated under Section 46(3) of the Nigeria Data Protection Act (NDPA) 2023, will examine the integrity of CAC’s data protection systems, including access control mechanisms, vulnerability assessments, and third-party data processing protocols. The move follows indications of potential large-scale data exfiltration and cross-platform compromises targeting interconnected government systems.
NDPC’s National Commissioner and CEO, Dr Vincent Olatunji, has directed the Commission’s technical team to collaborate with relevant authorities to reinforce safeguards around personal data processing and mitigate systemic risks.
In a parallel development, the National Information Technology Development Agency (NITDA) and CAC confirmed the activation of coordinated cybersecurity response measures. NITDA has issued a directive mandating all Ministries, Departments, and Agencies (MDAs) to urgently review and strengthen their cybersecurity architecture in line with the National Cybersecurity Policy and Strategy (NCPS) 2021.
The directive includes compulsory security audits, vulnerability remediation, stricter access controls, and enhanced monitoring systems to detect and respond to cyber threats. Agencies are also required to maintain robust backup systems and establish effective incident response frameworks, including prompt breach reporting protocols.
Amid these developments, CAC announced a scheduled maintenance exercise for its portal, set to run from midnight on April 17 to 6:00 a.m. on April 20, during which services may be temporarily unavailable.
What’s Being Said
“The investigation underscores the importance of fostering trust in Nigeria’s economic environment, particularly as threat actors deploy increasingly sophisticated methods targeting critical databases,” said Dr Vincent Olatunji, National Commissioner/CEO, NDPC.
“All MDAs must adopt proactive cybersecurity measures and immediately reinforce their systems to address emerging threats to government infrastructure and sensitive data,” said Hadiza Umar, Director of Corporate Communications, NITDA.
“We will be carrying out scheduled maintenance on our portal this weekend… we regret any inconvenience this may cause,” said CAC Management in a public notice.
What’s Next
- NDPC is expected to release preliminary findings from its investigation into CAC’s data systems in the coming weeks
- MDAs are required to implement NITDA’s cybersecurity directives immediately, with compliance likely to be monitored
- CAC’s portal is scheduled to resume full operations after maintenance by April 20, subject to system stability
The Bottom Line:
Nigeria’s data protection and cybersecurity architecture is facing a real-time stress test. The coordinated response by NDPC and NITDA signals regulatory urgency, but sustained enforcement and infrastructure upgrades will determine whether public trust in government digital systems can be maintained.
 has opened an investigation into a reported data breach at the Corporate Affairs Commission...){kind=link}