FG Begins Investigation as Hackers Allegedly Attack Banks, Report Lists Several Information Exposed

• The NDPC has launched a probe into an alleged data breach involving several financial institutions
• The government agency said that affected parties are cooperating on its investigations
• National Commissioner Vincent Olatunji warns firms without adequate data protection safeguards risk sanctions

Legit.ng journalist Dave Ibemere has over a decade of experience in business journalism, with in-depth knowledge of the Nigerian economy, stocks, and general market trends.

The Nigeria Data Protection Commission (NDPC) has launched an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank, and other institutions.

The commission disclosed this in a statement issued on Monday, April 6, by its Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, who confirmed that a formal notice of investigation was served on April 1 in line with regulatory procedures.

NDPC investigative data breach

Bamigboye said relevant parties and individuals have since been cooperating with the commission by providing information to support the probe and address the alleged incident.

Read also

Tinubu approves N3.3tn power sector debt repayment to boost electricity supply

He said:

“The investigation aims to ensure that data subjects are protected with appropriate technical and organisational measures."

According to him, the scope of the investigation includes the types of personal data involved, the nature and extent of the alleged breach, potential risks to affected individuals, and mitigation steps taken where a breach is confirmed.

Data breach and list of data stolen

The development follows reports by cybercrime tracking platform Dark Web Informer, which claimed in a March 31 post on X that a significant breach linked to Remita had surfaced on a cybercrime forum.

The report alleged that compromised data included about 3 terabytes of storage, over 800GB of KYC documents such as identification cards, passports, bank statements and utility bills, as well as databases, logs, source codes, and more than 35,000 password hashes.

Separately, there were also reports of a potential data breach involving Sterling Bank within the same period, Vanguard reports.

Read also

CBN, banks, fintechs unite to fix payment system gaps with new PSPC platform

Sanctions for institutions with weak data protection policies

Meanwhile, the NDPC’s National Commissioner, Vincent Olatunji, warned that organisations deploying digital payment systems without adequate safeguards would face regulatory scrutiny.

He noted that such measures are required under the Nigeria Data Protection Act 2023 to ensure the integrity and security of Nigeria’s digital ecosystem.

Yahoo boys hack Nigerian bank, steal billions

Earlier, Legit.ng reported that the Federal High Court in Abuja has ordered an additional 30-day freezing of 818 bank accounts suspected of being involved in the alleged proceeds of crime from an N10 billion cyberattack on Hope Payment Service Bank.

The order, which the Inspector General of Police authorises, was granted by the court presided over by Justice James Omotosho on Monday, October 15, 2024. The court relied on a motion ex parte filed by the police.

According to the motion marked FHC/ABJ/CS/1358/2024, filed against James Akagwu Isaac, Akwubo Gosent, and others, including several banks, the IGP’s legal team said that the accounts via which the defendants were alleged to have received the crime proceeds were under investigation, hence the freeze.

Source: Legit.ng