Nigeria’s data regulator, the Nigeria Data Protection Commission, has raised fresh concerns over coordinated cyberattacks targeting the country’s financial systems and critical digital infrastructure.
The Commission urged organisations to urgently strengthen their data security frameworks to prevent potential breaches and service disruptions.
In a Data Protection Advisory issued on Thursday, the NDPC revealed that its technical assessment uncovered activities by “shadowy threat actors.”
According to the Commission, these actors are carrying out coordinated attacks aimed at compromising key national systems.
Financial and Digital Systems at Risk
The NDPC identified several vulnerable sectors, including:
- Banking services
- Payment platforms
- Telecommunications networks
- Cloud infrastructure
- Public-sector digital systems
The Commission warned that these sectors face increased risks of data breaches and operational disruptions if adequate safeguards are not implemented.
Advisory to Data Controllers and Organisations
In the advisory signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations, the Commission called for immediate action.
It directed all data controllers and processors—including Ministries, Departments, and Agencies (MDAs)—to strengthen both technical and organisational measures in line with the Nigeria Data Protection Act 2023.
The NDPC stressed that protecting personal data remains a legal and ethical responsibility.
Key Security Measures Recommended
To reduce exposure to cyber threats, the Commission outlined several critical steps:
- Appoint trained and certified Data Protection Officers
- Develop and implement comprehensive privacy policies
- Conduct Data Privacy Impact Assessments
- Deploy multi-factor authentication systems
- Adopt zero-trust security architecture
- Strengthen network segmentation and access controls
Additionally, organisations must:
- Secure cloud systems, databases, and APIs
- Implement real-time monitoring and threat detection
- Use encryption and secure credential management
- Conduct regular vulnerability and penetration testing
- Maintain reliable backup and recovery systems
The advisory comes amid heightened scrutiny following an ongoing investigation into an alleged data breach involving:
- Remita Payment Services Limited
- Sterling Bank
The NDPC said the probe will determine:
- The scope of the breach
- The type of personal data affected
- Risks posed to individuals
- Adequacy of response measures
The Commission warned that failure to implement proper safeguards could expose millions of Nigerians to privacy violations and financial risks.
As digital services expand across Nigeria’s economy, cybersecurity threats continue to evolve, making proactive protection measures more critical than ever.
The NDPC’s warning highlights the urgent need for stronger cybersecurity across both public and private sectors.
Experts say organisations must move beyond basic compliance and adopt advanced security frameworks to stay ahead of increasingly sophisticated cyber threats.
