NDPC Investigates Data Breach at Corporate Affairs Commission
The Nigeria Data Protection Commission (NDPC) has initiated an investigation into a suspected breach of information systems at the Corporate Affairs Commission (CAC) and has issued regulatory recommendations to bolster data security infrastructure amid rising threats.
CAC Responds to Cybersecurity Incident
In light of the alleged breach, the CAC is actively reviewing its cyber operations and has implemented immediate measures to mitigate potential risks. The commission confirmed the investigation into unauthorized access to a select portion of its information systems.
NDPC Raises Concerns Over Digital Threats
On Friday, the NDPC expressed serious concerns regarding increasing malicious activities aimed at undermining the data security of major databases. Babatunde Bamigboye, NDPC’s Director of Legal Affairs, Enforcement, and Regulation, underscored the urgency of the situation in a formal statement.
Investigation into Previous Breaches
Earlier this year, PREMIUM TIMES had reported on the NDPC’s ongoing investigations into another alleged data breach involving Remita Payment Services Limited, Sterling Bank, and other entities. The commission’s latest statement highlighted a growing trend of large-scale data exfiltration and cross-platform security breaches.
Regulatory Framework and Investigative Focus
According to the Nigeria Data Protection Act, 2023, the NDPC’s investigation will specifically target key areas such as access control mechanisms and the effectiveness of vulnerability assessments and penetration testing (VAPT) procedures. The commission is collaborating with relevant authorities and key organizations to reinforce the overall security framework surrounding personal data processing.
Data Protection Advisory for Organizations
In a separate announcement, the NDPC provided regulatory recommendations for data controllers and processors, reflecting its findings of coordinated attacks on Nigeria’s financial systems and digital infrastructure. Organizations are reminded of the directive from President Bola Ahmed Tinubu, which emphasizes that responsibly managed data is a valuable asset.
Mandatory Security Measures for Compliance
The NDPC has urged all ministries and agencies to rigorously implement data protection measures in line with the Nigeria Data Protection Act, 2023. This includes appointing certified data protection officers, establishing privacy policies, enforcing identity and access controls, and adopting a Zero Trust security architecture. Additional recommendations encompass continuous monitoring, real-time threat detection, and regular system backups to ensure resilience against vulnerabilities.
Commitment to Data Protection and Compliance
The commission reiterated its dedication to safeguarding personal data and enhancing compliance across sectors. However, it has warned that any organization failing to meet the requirements stipulated by the Nigeria Data Protection Act, 2023, may face legal consequences.
