The Nigeria Data Protection Commission (NDPC) has raised concerns over increasing cyber threats targeting Nigeria’s financial systems and critical digital infrastructure, urging organisations to urgently strengthen their data protection measures.
In a Data Protection Advisory issued on Thursday, the commission revealed that its technical assessment uncovered coordinated activities by what it described as “shadowy threat actors” attacking key national systems. It warned that institutions powering banking services, payment platforms, telecommunications, cloud infrastructure, and public-sector digital services are becoming increasingly vulnerable.
The advisory, signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, called for immediate action from organisations that handle personal data.
“The commission strongly advises that data controllers and processors, including MDAs, urgently step up their technical and organisational measures to safeguard the privacy of Nigerians in line with the Nigeria Data Protection Act, 2023,” the statement said.
The NDPC outlined key steps to reduce cyber risks, including appointing trained and certified Data Protection Officers, implementing robust privacy policies, and conducting Data Privacy Impact Assessments. It also emphasised the need for advanced security frameworks such as multi-factor authentication, zero-trust architecture, and network segmentation.
In addition, organisations were advised to deploy strong identity and access controls, maintain continuous patch management, and secure critical infrastructure such as cloud systems, databases, application programming interfaces, and access credentials.
The commission further recommended real-time monitoring, logging, and threat detection systems, alongside encryption and secure credential management. It also urged entities to conduct regular vulnerability assessments, penetration testing, and ensure reliable backup and recovery systems.
The warning comes amid increased regulatory scrutiny following an ongoing investigation into an alleged data breach involving Remita Payment Services Ltd and Sterling Bank, among others.
According to the NDPC, the investigation seeks to determine the scope of the breach, the categories of personal data affected, potential risks to individuals, and the adequacy of response measures taken.
Reaffirming its commitment to enforcement, the commission warned that failure to comply with the Nigeria Data Protection Act 2023 could expose millions of Nigerians to privacy violations and heightened cyber risks.
