152,000 Nigerian Bank Accounts Compromised as ATM Card Theft, Mobile App Hacks, Others Surge

• Cybersecurity firm Surfshark Nigeria reports that cyber theft risk in Nigeria’s banking sector jumped 56% in the first half of 2025
• These cyber thefts have affected about 152,000 accounts, with many customers losing funds despite promptly alerting their banks
• Experts warn that without consumer protection, the rapid shift to digital banking will continue to expose depositors to significant fraud risks

Legit.ng journalist Victor Enengedi has over a decade's experience covering Energy, MSMEs, Technology, Banking and the Economy.

Nigeria’s banking sector is grappling with a growing wave of unauthorised withdrawals and account breaches, leaving thousands of customers financially devastated and emotionally drained.

Reports from cybersecurity firm Surfshark Nigeria indicate that cyber theft risk rose by 56% in the first half of 2025, impacting about 152,000 accounts.

Social media has become awash with viral videos of distressed customers confronting bank staff over vanished funds.

The situation lays bare significant weaknesses in banks’ security systems and heightens anxiety among depositors.

Read also

MTN, Airtel, others increase earnings to N3trn as Nigeria’s appetite for data nearly doubles in 2 years

Nigeria ranks high for data breaches

While the country’s shift to digital banking has boosted inclusion and operational efficiency, investigations reveal that it has also introduced significant vulnerabilities.

Many customers discover their accounts have been emptied even after notifying their banks about lost cards or suspicious activities, with institutions often refusing liability and shifting the burden to victims.

Surfshark Nigeria noted that more than half (56%) of those affected by data leaks are at heightened risk of both bank theft and identity fraud, despite an overall decline in breach numbers.

The report also noted that Nigeria ranked third in Sub-Saharan Africa for total data breaches, with about 13 million accounts compromised since 2004.

In 2024 alone, the Nigeria Inter-Bank Settlement System (NIBSS) estimated that fraudsters stole roughly N400 million through accounts opened with stolen identities—figures experts believe are under-reported.

Reviewed cases show a recurring trend which includes stolen ATM cards, hacked mobile apps, and suspicious debits often met with delayed or no action from banks, allowing criminals to empty accounts within hours.

Read also

Dollar falls at official window as Nigeria’s FX reserves near $40 billion after 21 inflows

Surfshark’s data also revealed that globally, the total compromised accounts dropped by 93%, from 973.7 million in Q4 2024 to 68.3 million in Q1 2025.

The countries hardest hit by these breaches were the United States (16.9 million cases), Russia (4.4 million), India (4.2 million), Germany (3.9 million), and Spain (2.4 million).

On a per-capita basis, France recorded the highest breach density at 172 compromised accounts per 1,000 people, trailed by Israel (130), the United States (123), Singapore (26), and Canada (24).

CBN takes action on rising fraud cases

Under mounting public pressure, the Central Bank of Nigeria (CBN) has pledged to investigate rising fraud cases and sanction negligent institutions.

The apex bank has urged affected customers to formally lodge complaints with its consumer protection department and is reportedly reviewing some banks for repeated security lapses.

The CBN had earlier called on banks nationwide to make substantial investments in cybersecurity to safeguard depositors’ funds from hackers.

Read also

Mass failure in 2025 WASSCE: Stakeholders blame systemic challenges and exam malpractice

According to Luís Costa, Surfshark’s research lead, even though the number of vulnerable accounts fell across all major regions in Q1 2025 compared to the previous quarter, individuals must stay alert and maintain robust security habits.

Costa said:

“To protect personal and organisational data, it is essential to follow strong security practices, regularly update passwords, enable 2FA, and stay informed about potential risks.”

Although measures such as the Nigeria Data Protection Act exist, poor enforcement and inadequate digital practices among users continue to pose serious challenges.

Industry analysts warn that while technology has revolutionised Nigeria’s banking landscape, regulatory oversight, transparency, and robust consumer protection mechanisms must advance in parallel to keep customers safe.

Bank uncovers app fraudsters use to hack accounts

In a related development, Legit.ng reported that Wema Bank has alerted customers to a newly identified malware, known as “Brokewell,” being deployed by fraudsters to hack accounts and steal sensitive information.

Read also

Naira wobbles, Black Market, Official Window Narrow Gap as foreign reserves near $40bn

The bank warned customers to remain vigilant and avoid downloading the malware, which is engineered to capture personal data and banking credentials.

According to Wema Bank, “Brokewell” is being distributed through multiple channels, including phishing emails and malicious websites.

Source: Legit.ng