An ongoing investigation by the Nigeria Data Protection Commission (NDPC) into an alleged data breach involving Sterling Bank is raising fresh concerns across Nigeria’s banking sector, with customers, stakeholders and regulators demanding answers over the safety of sensitive financial data.
Sterling Bank CEO, Abubakar Suleiman
The probe follows claims by a suspected dark web actor, identified as ByteToBreach, who has alleged responsibility for breaching the bank’s systems and accessing a significant volume of customer and employee information.
While the claims have not been independently verified by regulators, ENigeria Newspaper suggest that the breach may involve data linked to hundreds of thousands of accounts, including personally identifiable information such as Bank Verification Numbers (BVN), account details, identification records, and transaction histories.
Dr. Vincent Olatunji, National Commissioner and Chief Executive Officer of NDPC
You May Like:Powerful 13-Member Jury Arrives For AFRIMA
The development has triggered anxiety among customers, many of whom are questioning the integrity of digital banking platforms and whether their personal information remains secure.
Industry stakeholders say the situation underscores growing vulnerabilities in financial institutions’ digital infrastructure, particularly as cyber threats become more sophisticated.
You May Like:Providus Bank Faces Scrutiny in $7m Row
According to sources familiar with the matter, the alleged breach may have exploited a vulnerability in Oracle WebLogic Server, a middleware system widely used to connect customer-facing applications to backend databases. The reported method of attack, which allegedly bypassed authentication layers, has further intensified concerns about systemic weaknesses in cybersecurity architecture.
For many observers, the issue goes beyond the immediate incident, raising broader questions about the adequacy of investments in cybersecurity within the banking sector.
“The real concern here is not just whether a breach occurred, but whether institutions are doing enough to prevent such risks in the first place,” responders to the incident have asked.
In response to the development, the NDPC has confirmed that it has launched a formal investigation into the alleged breach, with Sterling Bank and Remita Payment Services Limited both coming under regulatory scrutiny.
The Commission disclosed that a Notice of Investigation was issued on April 1, 2026, and that relevant parties are currently being engaged as part of the process.
Dr. Vincent Olatunji, National Commissioner and Chief Executive Officer of the NDPC, has directed that the probe be expanded, stressing that any organisation found to have violated provisions of the Nigeria Data Protection Act (2023) would face appropriate sanctions.
Although Sterling Bank has yet to issue a comprehensive public response to the allegations, analysts say the outcome of the investigation could have far-reaching implications for regulatory compliance,.
As the probe continues, Nigerians await the actions or otherwise of NDPC, especially if both organizations are found wanting.
Post Views: 8
