Reported by: Oahimire Omone Precious | Edited by: Pierre Antoine
Nigeria’s data protection authority has opened an investigation into a suspected data breach involving the Corporate Affairs Commission (CAC), raising fresh concerns about cybersecurity vulnerabilities within critical government systems and the safety of citizens’ personal information in an increasingly digital economy.
The probe, announced by the Nigeria Data Protection Commission (NDPC), is being conducted under the provisions of the Nigeria Data Protection Act 2023, a law that sets out standards for the collection, processing, storage and security of personal data in the country. The commission said the move reflects its responsibility to ensure that institutions entrusted with sensitive information adhere strictly to data protection obligations and maintain public confidence.
In a statement issued by the Head of Legal, Enforcement and Regulations at the NDPC, Babatunde Bamigboye, the commission expressed concern over the evolving nature of cyber threats, noting that attackers are increasingly deploying sophisticated techniques capable of breaching multiple interconnected systems simultaneously. He warned that such methods allow cybercriminals to extract large volumes of data, often undetected until significant damage has already been done.
The CAC, which serves as Nigeria’s official registry for companies and businesses, holds extensive records containing sensitive personal and corporate data, including names, addresses, identification details and ownership structures. Any breach involving such a database would have wide-ranging implications, potentially exposing millions of records to misuse, identity theft or unauthorised commercial exploitation.
Stone Reporters note that while the NDPC has not yet confirmed the scale or nature of the suspected breach, the decision to initiate a formal investigation signals that the matter is being treated with urgency at the highest regulatory level. The commission’s response also reflects growing awareness within government circles that cybersecurity risks are no longer isolated incidents but systemic threats requiring coordinated institutional action.
The National Commissioner and Chief Executive Officer of the NDPC, Vincent Olatunji, has directed a team of experts to carry out a comprehensive review of data protection practices not only at the CAC but across connected systems and third-party service providers. According to the commission, the review will focus on key areas including access control mechanisms, risk assessment procedures, and system resilience against cyber intrusion.
Part of the investigation will involve technical evaluations such as Vulnerability Assessment and Penetration Testing, commonly referred to as VAPT. These processes are designed to identify weaknesses in digital infrastructure by simulating cyberattacks under controlled conditions, allowing organisations to detect and fix vulnerabilities before they can be exploited by malicious actors.
In addition to internal system checks, the NDPC is also examining how external partners that process or manage data on behalf of institutions are being monitored. Third-party data processors often play a critical role in modern digital ecosystems, but they can also introduce additional points of risk if not properly vetted and supervised. The commission has emphasised the need for strict due diligence in selecting and overseeing such partners.
The investigation comes at a time when Nigeria is rapidly expanding its digital infrastructure, with increased reliance on online platforms for business registration, financial services, governance and public service delivery. While this transformation has improved efficiency and access, it has also expanded the attack surface available to cybercriminals.
Cybersecurity experts say breaches involving government databases are particularly sensitive because of the concentration of verified personal information they contain. Unlike private platforms, which may hold fragmented or user-generated data, government systems often store legally validated records, making them highly valuable targets for fraud networks and identity theft operations.
Although the NDPC has sought to reassure the public that Nigeria’s data protection systems remain robust, the probe underscores the importance of continuous vigilance and adaptation. The commission said its actions are aimed at strengthening safeguards, maintaining trust in public institutions and supporting the long-term growth of the country’s digital economy.
There has been no official confirmation from the CAC detailing the specific nature of the suspected breach or whether any data has been compromised. The outcome of the NDPC investigation is expected to determine whether there was an actual breach, the extent of any exposure, and what corrective measures will be required.
The development also highlights the increasing role of regulatory oversight in Nigeria’s digital governance framework. Since the enactment of the Data Protection Act, the NDPC has taken on expanded responsibilities, including enforcement, compliance monitoring and public awareness, as part of efforts to align Nigeria with global data protection standards.
For citizens and businesses, the situation serves as a reminder of the growing importance of data security in everyday transactions. As digital systems become central to economic and administrative processes, the protection of personal information is emerging as a critical component of national security and public trust.
The NDPC has indicated that it will continue to provide updates as the investigation progresses, while reiterating its commitment to ensuring that all organisations handling personal data operate within the framework of the law and uphold the highest standards of accountability.
📩 Stone Reporters News | 🌍 stonereportersnews.com
✉️ info@stonereportersnews.com | 📘 Facebook: Stone Reporters News | 🐦 X (Twitter): @StoneReportNew | 📸 Instagram: @stonereportersnews
Add comment
Comments