Physical Address
4 Elgon Terrace, Kololo, Kampala, Uganda
The NDPC data breach investigation highlights the regulator’s commitment to safeguarding personal information in an era of increasing digital transactions. Remita Payment Services Ltd and Sterling Bank are among the entities under review following reports of a possible breach.
The formal process began when the NDPC issued the Notice of Investigation on April 1, 2026. By April 5, 2026, the Commission had publicly acknowledged the action and confirmed that affected parties were cooperating by submitting relevant details.
Through this NDPC data breach investigation, the Commission will assess several critical areas. These include identifying the categories of personal data potentially exposed, evaluating the scale of the incident, understanding the risks posed to data subjects, and reviewing any remedial steps already taken by the organizations involved.
Dr Vincent Olatunji emphasized that all organizations handling digital payments must comply fully with the Nigeria Data Protection Act 2023. The NDPC will continue to monitor entities that fail to implement proper technical and organizational safeguards for personal data.
This NDPC data breach investigation serves as a strong signal to the entire fintech and banking industry. Companies must prioritize robust data protection frameworks to avoid regulatory action and maintain public confidence in Nigeria’s digital economy.
As digital financial services expand rapidly, effective data protection has become essential. The NDPC continues to play a central role in enforcing the Nigeria Data Protection Act 2023, ensuring that innovation does not come at the expense of citizens’ privacy rights.
