NDPC Alerts Public as Cyberattacks Target Nigeria’s Financial Systems

The Nigeria Data Protection Commission has raised an urgent alarm over coordinated cyber threats targeting the country’s financial systems and critical digital infrastructure.

In a Data Protection Advisory issued on Thursday, the commission warned that “shadowy threat actors” are carrying out coordinated operations against key national systems, including banking services, payment platforms, telecommunications networks, cloud infrastructure, and public-sector digital platforms.

According to the NDPC, these attacks heighten the risk of data breaches and service disruptions, making it imperative for organisations to reinforce their security frameworks without delay.

The advisory, signed by Babatunde Bamigboye, Head of Legal, Enforcement and Regulations at the commission, called on data controllers and processors including Ministries, Departments, and Agencies to urgently strengthen their technical and organisational measures.

“The commission strongly advises that data controllers and processors (including MDAs) are to urgently step up their technical and organisational measures to ensure the privacy of all Nigerians and other data subjects in line with the Nigeria Data Protection Act, 2023,” the statement read.

The NDPC outlined several recommended actions, including the appointment of trained and certified Data Protection Officers, implementation of comprehensive privacy policies, and conduct of Data Privacy Impact Assessments.

Organisations were also urged to deploy multi-factor authentication, adopt a zero-trust security architecture, and implement network segmentation. Other recommendations include real-time monitoring, logging and threat detection systems, encryption, secure credential management, and regular vulnerability assessments and penetration testing.

“Entities should conduct vulnerability assessment and penetration testing on critical systems and maintain regular backup, recovery, and resilience testing,” the commission added.

The advisory follows an ongoing investigation into an alleged data breach involving Remita Payment Services Ltd and Sterling Bank, among others. The NDPC said the probe aims to determine the nature and scope of the breach, the categories of personal data affected, risks to data subjects, and the adequacy of mitigation measures taken.

The commission warned that failure to implement appropriate safeguards could expose millions of Nigerians to privacy violations and heightened cyber risks.