The Nigeria Data Protection Commission (NDPC) has warned of coordinated cyber threats targeting the country’s financial systems and critical digital infrastructure, urging organisations to urgently strengthen their data protection frameworks.
In a Data Protection Advisory issued on Thursday, the Commission said its technical assessment had uncovered activities by “shadowy threat actors” aimed at compromising key systems across sectors.
The warning reflects growing concern among regulators over the vulnerability of institutions that underpin payments, banking, telecommunications, cloud services, and public sector digital platforms.
In the advisory signed by the Head of Legal, Enforcement and Regulations, Babatunde Bamigboye, the NDPC called on data controllers and processors, including government agencies, to enhance both technical and organisational safeguards.
The Commission stressed the need for compliance with the Nigeria Data Protection Act, 2023, noting that organisations must take immediate steps to protect personal data and reduce exposure to cyber risks.
Recommended measures include appointing certified Data Protection Officers, implementing robust privacy policies, and conducting Data Privacy Impact Assessments. The NDPC also urged organisations to adopt stronger security controls such as multi-factor authentication, zero trust architecture, network segmentation, and continuous patch management.
Additional safeguards highlighted include securing cloud infrastructure, application programming interfaces, and databases, alongside deploying real-time monitoring and threat detection systems. The Commission also advised regular vulnerability assessments, penetration testing, and maintaining resilient backup and recovery systems.
The advisory comes amid ongoing investigations into an alleged data breach involving Remita Payment Services, Sterling Bank, and other entities, as regulators intensify scrutiny of data protection practices in Nigeria.
