The Nigeria Data Protection Commission (NDPC) has launched an investigation into Remita Payment Services Ltd. and Sterling Bank following reports of a potential large-scale data breach. The probe aims to determine the extent of the alleged breach and ensure that affected data subjects are adequately protected.

A formal Notice of Investigation was served on April 1, 2026, to both Remita and Sterling Bank. The NDPC confirmed that relevant parties and individuals are providing information to address the incident.

Cybercrime tracking platform Dark Web Informer reported on March 31 that a massive breach allegedly from Remita, a major Nigerian payment processing platform, had been leaked on a popular cybercrime forum. The report indicated that the breach involved approximately 3TB of S3 storage and over 800GB of KYC documents, including IDs, passports, bank statements, and electricity bills. Databases and logs were also reportedly compromised.

PREMIUM TIMES reached out to Remita for comment but received no response. Reports of a separate alleged data breach involving Sterling Bank also surfaced around the same period.

In its statement, the NDPC emphasized that the investigation is to ensure data subjects are protected with appropriate technical and organisational measures. The probe will cover the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures carried out if a breach is confirmed.

The commission also stated that companies using digital payment systems without adequate technical and organisational measures will be examined. This is part of a wider effort to ensure the integrity of the ecosystem, as directed by the NDPC's National Commissioner/CEO, Dr. Vincent Olatunji, under the Nigeria Data Protection Act, 2023.