Key points
- Data regulator warns of coordinated cyber threats targeting financial and digital infrastructure.
- Institutions urged to strengthen data protection and cybersecurity frameworks urgently.
- Ongoing probe into alleged data breaches involving major financial service providers.
Main story
Nigeria’s data protection regulator, the Nigeria Data Protection Commission, has raised alarm over coordinated cyberattacks targeting the country’s financial systems and critical digital infrastructure.
In a Data Protection Advisory issued on Thursday, the Commission said its technical assessment uncovered activities by “shadowy threat actors” orchestrating attacks against key national systems.
The NDPC warned that institutions powering banking services, payment platforms, telecommunications, cloud infrastructure, and public-sector digital services are increasingly vulnerable, heightening risks of data breaches and service disruptions.
The advisory, signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, called for urgent action by organisations handling personal data to reinforce their security frameworks.
“The commission strongly advises that data controllers and processors… are to urgently step up their technical and organisational measures to ensure the privacy of all Nigerians,” the statement said.
The issues
The warning comes amid growing concerns over cybersecurity vulnerabilities in Nigeria’s rapidly expanding digital economy.
Financial institutions and digital platforms remain prime targets for cybercriminals due to the volume of sensitive data they process.
Experts say weak security frameworks, outdated systems, and increasing reliance on cloud infrastructure have heightened exposure to cyber risks.
What’s being said
The Nigeria Data Protection Commission outlined key measures organisations must adopt to mitigate threats, including the appointment of certified Data Protection Officers, implementation of robust privacy policies, and regular Data Privacy Impact Assessments.
It also emphasised the need for advanced technical safeguards such as multi-factor authentication, zero-trust architecture, and network segmentation.
“Organisations are expected to deploy robust identity and access controls… and ensure continuous patch management,” the Commission stated.
The regulator further advised real-time monitoring, encryption, secure credential management, and routine vulnerability testing to strengthen resilience.
The advisory comes amid an ongoing investigation into alleged data breaches involving Remita Payment Services Ltd and Sterling Bank.
According to the Commission, the probe is examining the scope of the breach, the data involved, and the adequacy of mitigation measures.
What’s next
The NDPC is expected to intensify regulatory oversight and enforcement of the Nigeria Data Protection Act 2023.
Organisations may face stricter compliance requirements, with possible sanctions for failing to implement adequate data protection measures.
Further updates are also anticipated as investigations into the alleged breaches progress.
Bottom line
The NDPC’s warning underscores rising cybersecurity threats in Nigeria’s digital ecosystem. Strengthening data protection frameworks will be critical to safeguarding financial systems and protecting millions of Nigerians from potential data breaches.
