In a statement released on Sunday, April 5, 2026, the Nigerian Data Protection Commission (NDPC) announced it was conducting an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank, and other entities.

In the statement released on Sunday, the NDPC stated that it was investigating the alleged data breaches to ensure the protection of data subjects and to find mitigation measures to counter these breaches.

According to the statement, "the investigation aims to ensure the protection of data subjects through appropriate technical and organizational measures." According to the information, "the investigation conducted by the NDPC specifically covers the types of personal data affected, the nature and extent of the alleged breach, the risk to data subjects, and the mitigation measures implemented once a breach is confirmed."

The Head of Legal, Enforcement & Regulations at the NDPC, Babatunde Bamigboye, mentioned in the statement that the efforts are in line with the commission's procedure, following receipt of the "notice of investigation" on April 1. According to the NDPC, the parties and data subjects involved have provided information to resolve the incident. According to the report, a total of "3 TB of S3 storage, over 800 GB of KYC documents (ID cards, passports, photos, bank statements, utility bills), MySQL/Postgres databases, logs, Docker registries, source codes, government HSM keys, GitKraken backups to S3 and source codes, over 35,000 password hashes, and three databases" were compromised on the Remita platform.