NDPC probes massive Remita breach exposing user KYC data
The Nigeria Data Protection Commission (NDPC) has launched an investigation into a major alleged data breach involving Remita Payment Services and Sterling Bank. The probe started after the commission received a 'Notice of Investigation' on April 1. This follows a Dark Web Informer report from March 31 claiming that over 3 terabytes of data were stolen from Remita's systems.
The alleged breach reportedly includes more than 800GB of KYC documents—such as IDs, passports, photos, bank statements, and electricity bills—along with databases, password hashes for over 35,000 users, source codes, and even government HSM keys. Remita did not respond to Premium Times' requests for comment. A separate alleged breach involving Sterling Bank around the same period is also under review.
NDPC states the investigation will assess the types of personal data involved, the scope of the breach, risks to users, and whether affected companies had required technical safeguards under the Nigeria Data Protection Act 2023. The commission's CEO has directed that any organisation using digital payment systems without proper data protection measures will be examined.
This incident potentially exposes millions of Nigerians' sensitive financial and identity information to fraud. If you use Remita or Sterling Bank services, immediately monitor your bank accounts and credit reports for unauthorised activity, change passwords on all financial platforms, and be vigilant for phishing attempts using your stolen personal data.