By Boluwatife Oshadiya | April 6, 2026
Key Points
- Nigeria Data Protection Commission launches investigation into alleged breach involving Remita Payment Services Ltd and Sterling Bank
- Notices of investigation issued April 1 as affected parties begin submitting information
- Probe focuses on scope of breach, risks to data subjects, and compliance with Nigeria Data Protection Act 2023
Main Story
The Nigeria Data Protection Commission has opened a formal investigation into an alleged data breach involving Remita Payment Services Ltd, Sterling Bank, and other unnamed entities, marking one of the most high-profile enforcement actions under Nigeria’s data protection regime in 2026.
According to an official statement dated April 5, the Commission confirmed that notices of investigation were served on April 1, with affected organisations and individuals already providing information to support the inquiry. The probe will assess the nature, scale, and potential impact of the breach, including the categories of personal data exposed and the risk posed to data subjects.
The investigation is being conducted under the Nigeria Data Protection Act (NDPA) 2023, which mandates strict technical and organisational safeguards for entities handling personal data. Regulators are expected to scrutinise whether the parties involved implemented adequate cybersecurity controls and incident response measures.
The NDPC also signalled that the investigation could extend beyond the immediate parties, warning that organisations relying on digital payment systems without adequate data protection frameworks may face regulatory scrutiny as part of a broader ecosystem review.
Nigeria’s digital payments sector—driven by platforms like Remita and supported by banking infrastructure—has expanded rapidly in recent years, increasing both transaction volumes and exposure to cyber risks. Industry analysts note that enforcement actions such as this reflect growing regulatory pressure to align with global data protection standards.
What’s Being Said
“The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures,” the NDPC said in its statement.
“Organisations that employ digital payment systems without putting in place appropriate safeguards will also be examined,” said Vincent Olatunji, National Commissioner and CEO of the NDPC.
At press time, both Remita and Sterling Bank had not issued public responses to the investigation.
What’s Next
- NDPC is expected to conclude preliminary findings after reviewing submissions from involved parties
- Potential enforcement actions could include fines, compliance directives, or public disclosures if violations are confirmed
- Broader regulatory audits of fintech and banking data systems may follow as part of sector-wide compliance enforcement
The Bottom Line: Nigeria’s data protection enforcement is entering a more aggressive phase, with regulators targeting core financial infrastructure players. The outcome of this investigation will likely set a precedent for how strictly the NDPA is applied across the country’s fast-growing digital payments ecosystem.
