Nigeria’s data protection regulator, Nigeria Data Protection Commission, has launched a formal investigation into an alleged data breach involving Sterling Bank, Remita Payment Services Ltd. and other entities operating within Nigeria’s digital payments ecosystem.

The Commission disclosed that the probe followed due process, with notices of investigation formally served on the affected organisations on April 1, 2026.

According to a statement issued by the Commission, the institutions under scrutiny have begun cooperating with investigators by supplying relevant information to aid the inquiry.

The statement read: “The Nigeria Data Protection Commission is carrying out an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities.

“In line with the Commission’s procedure, Notice of Investigation was duly served on the 1st of April, 2026. Relevant parties and individuals have been providing information for the purpose of addressing the incident.”

The Commission explained that the investigation is aimed at determining whether adequate technical and organisational safeguards were in place to protect the personal data of customers and other affected individuals.

It added that investigators would examine the categories of personal data involved, the scale and nature of the alleged breach, the risks posed to data subjects, as well as steps taken by the organisations to contain the incident where necessary.

Beyond the immediate case, the regulator hinted that the exercise could extend to other digital payment operators suspected of failing to meet obligations under the Nigeria Data Protection Act 2023.

The Commission noted that the wider compliance review is intended to strengthen accountability across the financial technology sector as digital transactions continue to grow nationwide.

It stressed that protecting citizens’ personal information remains central to its mandate amid expanding use of electronic financial services.

The latest development comes amid increasing regulatory attention on data privacy practices in Nigeria, following earlier scrutiny of Temu over possible violations of local data protection laws.